MS06-056: ASP.NET XSS Information Disclosure Vulnerability (moderate)

Published: 2006-10-10
Last Updated: 2006-10-10 18:39:10 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
A XSS vulnerabiity in ASP.NET could allow information disclosure. The bulletin is a bit vague on the details, but it does mention a problem with headers. Typically, cookie information could be disclosed using XSS attacks. In turn, the cookie information can be used to impersonate an authenticated user.

The script inserted with XSS will inherit all the capabilities the particular user has. For example, a user could be tricked into clicking a link that will escalate privileges for a malicious user. Exploitation typially requires intimate knowledge of the respective web based application.

XSS exploits are typically not browser specific. Any browser is "vulnerable" given that the actual problem is the web based application. Turning off javascript may help, but then again, you will hit this issue typically as you visit a trusted web site (for example you own web site written in ASP.NET).

You will probably consider this problem more severe ("critical") if you use ASP.NET extensively to manage internal applications. However, on the same note first test the page using your specific web based applications.

Other mitigation steps: Disable ASP.NET if not used on your web server.

This patch is not important for workstations and only applies to servers running web sites with ASP.NET support turned on.

Keywords: MSFT1006
0 comment(s)


Diary Archives