Elevation of privilege vulnerability in Microsoft .NET Framework via a crafted URLID: oval:org.secpod.oval:def:3632 | Date: (C)2011-12-30 (M)2023-12-14 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft .NET Framework 1.1 or 2.0 or 3.5 or 3.5.1 or 4.0 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications, which fail to properly handle cached content when Forms Authentication is used with sliding expiry. Successful exploitation allows remote attackers to obtain access to arbitrary user accounts via a crafted URL.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows 7 |
Microsoft Windows Server 2003 |
Microsoft Windows Server 2008 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 R2 |
Microsoft Windows XP |
Product: |
Microsoft .NET Framework |