
MS bitten by old .NET vulnerability

Numerous installations of Microsoft ASP.NET are vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list.

CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site; if followed, the URL will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies.

JavaScript can also be executed on a remote server using malicious URLs. Numerous attacks are possible; in one common example, a 404 page may be generated with the added bonus of full path disclosure.

Westerink says he contacted MS about the issue six months ago but never got a reply.

View: Johannes Westerink's post at SecurityFocus

View: ComputerBytesMan

News source: The Register - MS bitten by old .NET vulnerability
