This of course is not needed if you don't have .NET 2.0
installed, or if it's installed but disabled.
----- Original Message -----
TITLE:
Microsoft .NET Framework Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA22307
VERIFY ADVISORY:
http://secunia.c
om/advisories/22307/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
Microsoft .NET Framework 2.x
http://secunia.com/p
roduct/6456/
DESCRIPTION:
A vulnerability has been reported in ASP.NET 2.0, which can
be
exploited by malicious people to conduct cross-site
scripting
attacks.
Certain input is not properly sanitised before being
returned
to the
user. This can be exploited to execute arbitrary code in a
users
browser-session associated with a vulnerable website.
Successful exploitation requires that the
"AutoPostBack"
feature is
set to "true" (not the default setting).
SOLUTION:
Apply patch:
Microsoft .NET Framework 2.0:
http://www.microsof
t.com/downloads/details.aspx?FamilyId=34C375AA-2F54-4416-B1F
C-B73378492AA6
ORIGINAL ADVISORY:
MS06-056 (KB922770):
http://www.microsoft.com/technet/security/Bullet
in/MS06-056.mspx
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|