Unchecked Buffer in ASP.NET Component of Microsoft .NET 1.0

Reported June 6, 2002, by Microsoft.



·         Microsoft ASP.NET component of the Microsoft .NET Framework 1.0



A vulnerability exists in the ASP.NET component of the Microsoft .NET Framework 1.0 that can result in a Denial of Service (DoS) condition or execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer in a routine that handles cookie processing in the StateServer mode. StateServer mode, however, is not the default session state mode for session management. This vulnerability is present only when the vulnerable system is using StateServer mode in conjunction with cookies.


The vendor, Microsoft, has released Security Bulletin MS02-026 to address this vulnerability and recommends that affected users apply the appropriate patch listed in the bulletin.


Discovered by Microsoft.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.