Difference between revisions of "Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net"

Revision as of 15:35, 22 May 2009

http://www.textraccaldron.com Published on 11th July 2006

Microsoft Security Bulletin MS06-034 - Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Microsoft Security Bulletin MS06-033 - Vulnerability in ASP.NET Could Allow Information Disclosure (917283)

I am a bit confused why MS06-034 is marked with 'Remote Code Execution' since if we follow the same logic, then MS should also release an advisory called "Asp.Net allows Remote Code Execution"

Research questions

where are the vulnerabilities (any volunteers to reverse engineer the patches?)
- MS06-034 should be on asp.dll
- MS06-033 should be on the config files?
can the other dislosed vulnerabilites be expoited from an ASP.NET environment, namely
- Vulnerability in Server Service Could Allow Remote Code Execution (917159)
- Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)

Dinis Cruz

Revision as of 23:45, 11 July 2006 (view source) Dinis.cruz (talk \| contribs) ← Older edit		Revision as of 15:35, 22 May 2009 (view source) Deleted user (talk \| contribs) Newer edit →
Line 1:		Line 1:
		+	http://www.textraccaldron.com
	Published on 11th July 2006		Published on 11th July 2006

Difference between revisions of "Microsoft Security Bulletin July 2006-Vulnerabilities in IIS and ASP.Net"

Revision as of 15:35, 22 May 2009

Research questions

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools