Tom Olzak

Emergency patch for ASP.NET vulnerability

In Cybercrime, Data Security, Hacking, security, Security Management on September 29, 2010 at 14:28

According to H Security, this ASP.NET vulnerability should be patched as soon as possible.  The patch, MS10-070, is available from Microsoft as of 2/28/2010.

The vulnerability can be remotely exploited to read specific ViewState values and cookies and to download files from a server without possessing the necessary authority. The Padding Oracle Exploitation Tool (Poet) is able to take advantage of this kind of vulnerability. Affected products include Microsoft SharePoint 2010, SharePoint Foundation 2010, Microsoft Office SharePoint Server 2007, Windows SharePoint Services 3.0 and Windows SharePoint Services 2.0.

via Emergency patch for ASP.NET vulnerability on its way – The H Security: News and Features.

  1. CORRECTION: The patch was released on 9/28/2010, not 2/28/2010.

Comments are closed.

%d bloggers like this: