CVE-2013-0004

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:1.0:sp3:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_xp:-:sp3:media_center:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp3:tablet_pc:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:1.1:sp1:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:4.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:r2:x64:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:a:microsoft:.net_framework:4.5:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:sp1:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x64:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8:-:-:x86:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

History

21 Nov 2024, 01:46

Type Values Removed Values Added
References () http://www.us-cert.gov/cas/techalerts/TA13-008A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA13-008A.html - US Government Resource
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16339 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16339 -

07 Dec 2023, 18:38

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_vista:*:sp2:x64:*:*:*:*:* cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:*

Information

Published : 2013-01-09 18:09

Updated : 2024-11-21 01:46


NVD link : CVE-2013-0004

Mitre link : CVE-2013-0004

CVE.ORG link : CVE-2013-0004


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_rt
  • windows_7
  • .net_framework
  • windows_xp
  • windows_server_2012
  • windows_server_2003
  • windows_server_2008
  • windows_8
CWE
CWE-20

Improper Input Validation