9.3
CVE-2013-3131
- EPSS 54.06%
- Published 10.07.2013 03:46:09
- Last modified 11.04.2025 00:51:21
- Source secure@microsoft.com
- Teams watchlist Login
- Open Login
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ .Net Framework Version2.0 Updatesp2
Microsoft ≫ .Net Framework Version3.5
Microsoft ≫ .Net Framework Version3.5.1
Microsoft ≫ .Net Framework Version4.0
Microsoft ≫ .Net Framework Version4.5
Microsoft ≫ Silverlight Version5.0.60401.0
Microsoft ≫ Silverlight Version5.0.60818.0
Microsoft ≫ Silverlight Version5.0.60818.0 Updaterc
Microsoft ≫ Silverlight Version5.0.61118.0
Microsoft ≫ Silverlight Version5.1.10411.0
Microsoft ≫ Silverlight Version5.1.20125.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 54.06% | 0.978 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.