Reported June 6, 2002, by
Microsoft.
VERSION AFFECTED
·
Microsoft ASP.NET component of the Microsoft .NET Framework
1.0
DESCRIPTION
A vulnerability exists in the ASP.NET component of
the Microsoft .NET Framework 1.0 that can result in a Denial of Service (DoS)
condition or execution of arbitrary code on the vulnerable system. This
vulnerability stems from an unchecked buffer in a routine that handles cookie
processing in the StateServer mode. StateServer mode, however, is not the
default session state mode for session management. This vulnerability is present
only when the vulnerable system is using StateServer mode in conjunction with
cookies.
VENDOR RESPONSE
The
vendor, Microsoft, has released Security
Bulletin MS02-026
to address this vulnerability and recommends that affected users apply the
appropriate patch
listed in the bulletin.
CREDIT
Discovered by Microsoft.
Unchecked Buffer in ASP.NET Component of Microsoft .NET 1.0
0 comments
Hide comments