Summary
A cross-site scripting vulnerability exists in a server running a vulnerable version of the .Net Framework 2.0 that could inject a client side script in the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected web site.
Solution
Microsoft has released a patch to correct this issue, you can download it from the following web site:
http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx
Severity
Classification
-
CVE CVE-2006-3436 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340)
- Microsoft JScript and VBScript Scripting Engines Information Disclosure Vulnerability (2475792)
- Microsoft Windows Active Directory Denial of Service Vulnerability (2830914)
- Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
- Microsoft AntiXSS Library Information Disclosure Vulnerability (2607664)