CVEブラウザに戻る

CVE-2013-0073

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0710%

EPSS Percentile40.71th

Published2013年2月13日

Last Modified2026年4月29日

Vulnerability Description

The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

.net Framework

= 3.5

📦

Microsoft

.net Framework

= 3.5.1

📦

Microsoft

.net Framework

= 4.0

📦

Microsoft

.net Framework

= 4.5

📦

Microsoft

.net Framework

= 2.0

References & Advisories

🔗 http://www.us-cert.gov/cas/techalerts/TA13-043B.html

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-015

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16475

🔗 http://www.us-cert.gov/cas/techalerts/TA13-043B.html

🔗 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-015

🔗 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16475

関連する脆弱性情報

CVE-2014-407310.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the Click...

CVE-2014-180610.0

The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly res...

CVE-2008-510010.0

The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedde...

CVE-2014-412110.0

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifi...