Check Point Advisories

Update Protection against ASP.NET Information Disclosure Vulnerability (MS06-033)

Check Point Reference: CPAI-2006-087
Date Published: 16 Jul 2006
Severity: Medium
Last Updated: Tuesday 15 May, 2007
Source: Microsoft Security Bulletin MS06-033
Industry Reference:CVE-2006-1300
Protection Provided by:
Who is Vulnerable? NET Framework 2.0 for the following operating system versions:

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1
Windows XP Service Pack
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Tablet PC
Microsoft Windows XP Media Center Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based systems
Microsoft Windows Server with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Vulnerability Description ASP.NET is collection of technologies within the.NET Framework that enable developers to build Web applications and XML Web Services. An information disclosure vulnerability exists in ASP.Net that could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folder.
Update/Patch AvaliableMicrosoft has relased a patch for this issue: kb922481
Vulnerability DetailsThe flaw is due to the fact that ASP .NET 2.0 does not properly validate the URL passed. An attacker who successfully exploited this vulnerability could gain unauthorized access to parts of a Web site.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.