[Microsoft Alert] Microsoft Security Bulletin MS06-033

Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

Issued: July 11, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows NET Framework 2.0

 

Impact of Vulnerability: Information Disclosure

 

Maximum Severity Rating: Important

 

Recommendation: Customers should apply the update at the earliest

 

Security Update Replacement: None

 

 

Vulnerability Details:

This Information Disclosure vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folders explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.

 

Affected Software:

.NET Framework 2.0 for the following operating system versions:

 

• Microsoft Windows 2000 Service Pack 4

 

• Microsoft Windows XP Service Pack 1 or Windows XP Service Pack 2

 

• Microsoft Windows XP Professional x64 Edition

 

• Microsoft Windows XP Tablet PC Edition

 

• Microsoft Windows XP Media Center Edition

 

• Microsoft Windows Server 2003 or Windows Server 2003 Service Pack 1

 

• Microsoft Windows Server 2003 for Itanium-based systems and Microsoft Windows Server with SP1 for Itanium-based Systems

 

• Microsoft Windows Server 2003 x64 Edition

---