From nvd.nist.gov
()
Overview
A community portal about Microsoft NET Framework with blogs, videos, and photos. According to Wikipedia.org: The Microsoft.NET Framework is a software component that can be added to the Microsoft Windows operating system. It provides a large body of pre-coded solutions to common program requirements, and manages the execution of programs written...more
A community portal about Microsoft NET Framework with blogs, videos, and photos. According to Wikipedia.org: The Microsoft.NET Framework is a software component that can be added to the Microsoft Windows operating system. It provides a large body of pre-coded solutions to common program requirements, and manages the execution of programs written specifically for the framework. The.NET Framework is a key Microsoft offering, and is intended to be used by most new applications created for the Windows platform.
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
More perspectives...
Microsoft is turning the source code for its embedded .Net Micro Framework over to the community and slowly withdrawing from that business, company officials are confirming.
(Update on May 7: Microsoft disagrees with my characterization of this move as "withdrawing from the business." But I'm standing by what I said, while making it clear company officials didn't say they are withdrawing. To me, if you cut a bunch of a team and turn your...
More perspectives...
From groklaw.net
()
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
More perspectives...
From nvd.nist.gov
()
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
More perspectives...
From nvd.nist.gov
()
The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause...
More perspectives...
From nvd.nist.gov
()
