Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-041.
Impact
Successful exploitation will allow the attackers to forge an XML signature that will be accepted as valid or to bypass security restrictions.
Impact Level: System/Application.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS10-041
Insight
The issue is caused by an error in the XML Signature Syntax and Processing (XMLDsig) implementation that rely on the 'HMACOutputLength' parameter to determine the number of bytes of the signature to be verified.
Affected
Microsoft .NET Framework 3.5/SP 1
Microsoft .NET Framework 1.1 SP 1
Microsoft .NET Framework 1.0 SP 3
Microsoft .NET Framework 2.0 SP 1/SP 2
References
Severity
Classification
-
CVE CVE-2009-0217 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Exchange 2000 Exhaust CPU Resources (Q320436)
- Flaw in SMB Signing Could Enable Group Policy to be Modified (329170)
- Microsoft SharePoint Server Remote Code Execution Vulnerability (2904244)
- Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
- Microsoft Windows DirectWrite Denial of Service Vulnerability (2665364)