Release DateJul 18, 2007 |
Severityhigh |
ImpactSystem compromise. |
DescriptionThis indicates a possible attempt to exploit an information disclosure vulnerability in ASP.NET, in Microsoft's .NET Framework.This flaw is caused by an input validation error in ASP.NET when processing user supplied URLs. |
Affected ProductsMicrosoft .NET Framework 1.0Microsoft .NET Framework 1.1 Microsoft .NET Framework 2.0 |
Recommended ActionsApply patches :http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0042 |
Reference/shttp://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064549.htmlhttp://www.frsirt.com/english/advisories/2007/2482 (FrSIRT) http://technet.microsoft.com/en-us/security/bulletin/MS07-040.mspx (MS-ID) |
