Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0003

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2013-0003
Last Modified 02 Nov 2013 11:29:19
Published 09 Jan 2013 01:09:40
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0003

Summary

Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."

Vulnerable Systems

Application

  • Microsoft .net Framework 2.0

  • Microsoft .net Framework 3.5

  • Microsoft .net Framework 3.5.1

  • Microsoft .net Framework 4.0

  • Microsoft .net Framework 4.5


References

MS - MS13-004

CERT - TA13-008A

Related Patches

MS13-004 Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Win 2008 x86 (KB2742597)

MS13-004 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Windows Vista, and Win 2008 x86 (KB2742613)

MS13-004 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Win 2008 SP2 x86 (KB2742601)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2742598)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 x86 (KB2756920)

MS13-004 Security Update for Microsoft .NET Framework 4.5 on Windows 7, Vista, Win 2008, Win 2008 R2 for x64 (KB2742613)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Win7 and 2008 R2 SP1 x64 (KB2742599)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 x64 (KB2756920)

MS13-004 Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 x64 (KB2742598)

MS13-004 Security Update for Microsoft .NET Framework 1.1 SP1 on Win 2003 and Win 2003 R2 x86 (KB2742604)

MS13-004 Security Update for Microsoft .NET Framework 2.0 SP2 on 2003 and XP x64 (KB2742596)

MS13-004 Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Vista SP2 and Win 2008 SP2 for x64 (KB2742601)

MS13-004 Security Update for Microsoft .NET Framework 3.0 SP2 on Vista SP2 and 2008 SP2 x64 (KB2756919)

MS13-004 Security Update for .NET 4 on XP, Server 2003, Vista, Win 7, Server 2008, Server 2008 R2 for x64 (KB2742595)


Last Updated: 27 May 2016 11:01:56