Wednesday, 11 July 2007

The day of ASP.NET vulnerabilities

Yesterday Microsoft released the MS07-040 bulletin regarding several vulnerabilities that have been discovered (and fixed) in ASP.NET.

ASP.NET is generally considered a secure framework, so it's interesting to see so many vulnerabilities in the same bulletin, including remote command execution and file retrieval:

http://www.microsoft.com/technet/security/Bulletin/MS07-040.mspx

I remember seeing a demonstration of the command execution vulnerability at one of the OWASP meetings in London. Dinis Cruz, who discovered the vulnerability, gave a demo to prove that buffer overflows CAN be exploited on ASP.NET, which goes against popular belief.

Dinis has been in charge of the OWASP .NET project since 2003 and has since then worked on numerous ASP.NET security projects.
