| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS11-066 | Vulnerability in Microsoft Chart Control Could Allow Information Disclosure (2567943) | Windows XP | Critical | 10-08-2011 |
Technical Information
Brief overview of the risk:
An information disclosure vulnerability exists in the way that Microsoft Chart controls incorrectly handle special characters within a specially crafted URI.
Detailed Information on the risk:
An attacker who successfully exploited this vulnerability would be able to read the contents of any file within the web site directory or subdirectories, such as web.config. The web.config file often stores sensitive information. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker’s user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.
Further information on this exploit is available at : MS11-066
Affected Software
Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1