Summary
This Information Disclosure vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folders explicitly by name.
this could be used to produce useful information that could be used to try to further compromise the affected system.
Solution
Microsoft has released a patch to correct this issue, you can download it from the following web site:
http://www.microsoft.com/technet/security/bulletin/ms06-033.mspx
Severity
Classification
-
CVE CVE-2006-1300 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft Kerberos Denial of Service Vulnerability (977290)
- Microsoft Windows Active Directory SPN Denial of Service (2478953)
- Microsoft VS Team Foundation Server SignalR XSS Vulnerability (2905244)
- Microsoft .NET Framework Denial of Service Vulnerability (2990931)
- Microsoft SharePoint Server Remote Code Execution Vulnerability (2904244)