Microsoft Security Bulletin MS10-041
Vulnerability in Microsoft .NET Framework Could Allow Tampering (981343)
http://www.microsoft.com/technet/sec.../ms10-041.mspx
Обход аутентификации в Microsoft .NET Framework
http://www.securitylab.ru/vulnerability/394622.php
Rating: Important
Описание:
Уязвимость позволяет удаленному пользователю произвести спуфинг атаку.
Уязвимость существует из-за ошибки при обработке некоторых XML сигнатур.
Affected Software:
• Microsoft Windows 2000• Microsoft .NET Framework 1.1 Service Pack 1
• Microsoft .NET Framework 2.0 Service Pack 2
• Windows XP, Windows XP x64• Microsoft .NET Framework 1.0 Service Pack 3
• Microsoft .NET Framework 1.1 Service Pack 1
• Microsoft .NET Framework 2.0 Service Pack 2
• Microsoft .NET Framework 3.5 Service Pack 1
• Windows Server 2003, Windows Server 2003 x64• Microsoft .NET Framework 1.1 Service Pack 1
• Microsoft .NET Framework 2.0 Service Pack 2
• Microsoft .NET Framework 3.5 Service Pack 1
• Windows Vista• Microsoft .NET Framework 1.1 Service Pack 1
• Microsoft .NET Framework 2.0 Service Pack 2
• Microsoft .NET Framework 3.5 Service Pack 1
• Windows Server 2008• Microsoft .NET Framework 1.1 Service Pack 1
• Microsoft .NET Framework 2.0 Service Pack 2
• Microsoft .NET Framework 3.5 Service Pack 1
• Windows 7• Microsoft .NET Framework 3.5.1
• Windows Server 2008 R2• Microsoft .NET Framework 3.5.1
Non-Affected Software:
• Microsoft .NET Framework 3.0
• Microsoft .NET Framework 4.0
• Microsoft .NET Framework 3.5• Windows Vista Service Pack 2
• Windows Vista x64 Edition Service Pack 2
• Windows Server 2008 Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 with SP2 for Itanium-based Systems