Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
21 Nov 2024, 01:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.us-cert.gov/cas/techalerts/TA13-008A.html - US Government Resource | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-004 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16339 - |
07 Dec 2023, 18:38
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:*:* |
Information
Published : 2013-01-09 18:09
Updated : 2024-11-21 01:46
NVD link : CVE-2013-0004
Mitre link : CVE-2013-0004
CVE.ORG link : CVE-2013-0004
JSON object : View
Products Affected
microsoft
- windows_vista
- windows_rt
- windows_7
- .net_framework
- windows_xp
- windows_server_2012
- windows_server_2003
- windows_server_2008
- windows_8
CWE
CWE-20
Improper Input Validation