Microsoft ASP.NET Forms versions 4.0.30319.237 and below suffer from an authentication bypass vulnerability.
7432953a885d29ecc984b1dab18e4eeeb9ab253b2c398a82436125325e03bc71Microsoft ASP.NET Forms suffers from a null byte termination authentication bypass vulnerability that exists in the CopyStringToUnAlingnedBuffer() function of the webengine4.dll library used by the .NET framework. The unicode string length is determined using the lstrlenW function. The lstrlenW function returns the length of the string, in characters not including the terminating null character. If the unicode string containing a null byte is passed, its length is incorrectly calculated, so only characters before the null byte are copied into the buffer.
294ae2596a2c31be82519bf63b2272b2e6a249e186db2e1ca5fab9dfb9f605e6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed