CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3171

The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.086

EPSS Ranking 91.9%

CVSS Severity

CVSS v2 Score 9.3

References

Products affected by CVE-2013-3171

Microsoft » .net Framework » Version: 2.0

cpe:2.3:a:microsoft:.net_framework:2.0
Microsoft » .net Framework » Version: 3.5

cpe:2.3:a:microsoft:.net_framework:3.5
Microsoft » .net Framework » Version: 3.5.1

cpe:2.3:a:microsoft:.net_framework:3.5.1
Microsoft » .net Framework » Version: 4.0

cpe:2.3:a:microsoft:.net_framework:4.0
Microsoft » .net Framework » Version: 4.5

cpe:2.3:a:microsoft:.net_framework:4.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-3171

Products

Pricing

Contact Us