This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net"

From OWASP
Jump to: navigation, search
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
Published on 11th July 2006
+
#REDIRECT [[:Category:OWASP_.NET_Project]]
   
 
* Microsoft Security Bulletin MS06-034 - Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
 
* Microsoft Security Bulletin MS06-033 - Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
 
 
 
I am a bit confused why MS06-034 is marked with 'Remote Code Execution' since if we follow the same logic, then MS should also release an advisory called "Asp.Net allows Remote Code Execution"
 
 
 
 
 
== Research questions ==
 
 
 
* where are the vulnerabilities (any volunteers to reverse engineer the patches?)
 
** MS06-034 should be on asp.dll
 
** MS060033 should be on the config files?
 
* can the other dislosed vulnerabilites be expoited from an ASP.NET environment, namely
 
** [http://www.microsoft.com/technet/security/Bulletin/MS06-035.mspx Vulnerability in Server Service Could Allow Remote Code Execution (917159)]
 
** [http://www.microsoft.com/technet/security/Bulletin/MS06-036.mspx Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)]
 
 
 
Dinis Cruz
 
 
 
[[Category:OWASP .NET Project]]
 

Latest revision as of 01:22, 22 July 2014