Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS11-066.

Impact

Successful exploitation could allow attacker to gain access to sensitive information that may aid in further attacks. Impact Level: Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx

Insight

The flaw is due to an error in the ASP.NET Chart controls when encountering special characters within a URI. This can be exploited to read the contents of arbitrary files in the web site directory or subdirectories via a specially crafted GET request to a server hosting the Chart controls.

Affected

Microsoft .NET Framework 4.0 Microsoft Chart Control for .NET Framework 3.5 SP1

References

http://secunia.com/advisories/45508/
http://support.microsoft.com/kb/2487367
http://support.microsoft.com/kb/2500170
http://www.microsoft.com/technet/security/bulletin/ms11-066.mspx

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-1977
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Microsoft SharePoint Server Remote Code Execution Vulnerability (2904244)
Microsoft Remote Desktop Tampering Vulnerability (2969259)
Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
Microsoft Silverlight Information Disclosure Vulnerability (2890788)
Microsoft Visual Studio Privilege Elevation Vulnerability (2651019)

Take action and discover your vulnerabilities