CVE-2013-0086

Published: Mar 13, 2013Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."

Affected (2)

Products: Microsoft: Sharepoint Foundation, Sharepoint Server

Microsoft

2 products

Sharepoint Foundation

Sharepoint Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Sharepoint Foundation	Version 2010 sp1
Microsoft Sharepoint Server	Version 2010 sp1

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (6)

http://www.us-cert.gov/ncas/alerts/TA13-071A

Source: secure@microsoft.com

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539

Source: secure@microsoft.com

http://www.us-cert.gov/ncas/alerts/TA13-071A

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-025

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16539

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.