When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

MS bitten by old .NET vulnerability

Neowin · with -1 comments

Numerous installations of Microsoft ASP.NET are vulnerable to cross-site scripting (CSS), according to a recent post by Johannes Westerink to the BugTraq mailing list.

CSS leverages JavaScript and makes it possible to place a malicious URL in an e-mail or on a Web site, which if followed will compromise the user's machine by various means, including exposing shares and/or retrieving data files such as cookies.

JavaScript can also be executed on a remote server using malicious URLs. There are numerous possible attacks; but for one common example, a 404 page may be generated with the added bonus of full path disclosure.

Westerink says he contacted MS about the issue six months ago but never got a reply.

View: Johannes Westerink's post at SecurityFocus

View: ComputerBytesMan

News source: The Register - MS bitten by old .NET vulnerability

Report a problem with article
Next Article

Let's Challenge Linux Security Assumptions

Previous Article

Malformed Network Request can cause Office v. X for Mac to fail

Join the conversation!

Login or Sign Up to read and post a comment.

-1 Comments - Add comment