Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft .Net framework multiple security vulnerabilities
updated since 10.07.2007
Published:25.08.2008
Source:
SecurityVulns ID:7911
Type:client
Threat Level:
7/10
Description:Buffer overflow on PE .Net format parsing, buffer overflow in KIT compiler, remote information leak in ASP.NET with poisoned NULL byte.
Affected:MICROSOFT : Windows 2000 Server
 MICROSOFT : Windows 2000 Professional
 MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
CVE:CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework 2.0 through 2.0 SP2 for Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".)
 CVE-2007-0042 (ASP.NET in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003; and 2.0 and earlier for Windows Vista allows remote attackers to access configuration files and obtain sensitive information via "invalid URLs," probably containing a terminating NULL byte.)
 CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 2.0 SP2 and earlier for Windows 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.)
Original documentdocumentProCheckUp Research, PR08-20: Bypassing ASP .NET "ValidateRequest" for Script Injection Attacks (25.08.2008)
 documentPaul Craig, Multiple .NET Null Byte Injection Vulnerabilities (11.07.2007)
 documentMICROSOFT, Microsoft Security Bulletin MS07-040 - Critical Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (10.07.2007)
Files:Bypassing ASP .NET “ValidateRequest” for Script Injection Attacks

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod