| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS10-040 | Vulnerability in Internet Information Services Could Allow Remote Code Execution (982666) | Microsoft .NET | Critical | 09-06-2010 |
Technical Information
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in Microsoft .NET Framework. The vulnerability could allow data tampering of signed XML content without being detected. In custom applications, the security impact depends on how the signed content is used in the specific application. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Detailed Information on the risk:
A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Further information on this exploit is available at : MS10-041
Affected Software
Microsoft .NET Framework 1.0 Service Pack 3Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1