CyberSec.Space Logo
Back to CVE Browser

CVE-2013-0073

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile40.71th
PublishedFeb 13, 2013
Last ModifiedApr 29, 2026

Vulnerability Description

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."

Affected Platforms (CPE)

πŸ“¦
Microsoft

.net Framework

= 3.5
πŸ“¦
Microsoft

.net Framework

= 3.5.1
πŸ“¦
Microsoft

.net Framework

= 4.0
πŸ“¦
Microsoft

.net Framework

= 4.5
πŸ“¦
Microsoft

.net Framework

= 2.0

References & Advisories

πŸ”— http://www.us-cert.gov/cas/techalerts/TA13-043B.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-015
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16475
πŸ”— http://www.us-cert.gov/cas/techalerts/TA13-043B.html
πŸ”— https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-015
πŸ”— https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16475

Related Vulnerabilities

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...