Microsoft ASP.NET padding information disclosure vulnerability - MS10-070ID: oval:org.secpod.oval:def:2047 | Date: (C)2011-07-26 (M)2022-10-10 |
Class: PATCH | Family: windows |
The host is missing a critical security update according to Microsoft security bulletin, MS10-070. The update is required to fix information disclosure vulnerability. A flaw is present in ASP.NET (.Net Framework) encryption implementation in IIS, which fails to evaluate generated error codes during decryption attempts. Successful exploitation could allow an attacker to gain sensitive information on the affected system .
Platform: |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows 7 |
Product: |
Microsoft .NET Framework |