SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Microsoft .NET Vendors:   Microsoft
Microsoft .NET XML Signature Validation Bug Lets Remote Users Bypass Document Signature Validation
SecurityTracker Alert ID:  1035213
SecurityTracker URL:  http://securitytracker.com/id/1035213
CVE Reference:   CVE-2016-0132   (Links to External Site)
Date:  Mar 8 2016
Impact:   Not specified
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1
Description:   A vulnerability was reported in Microsoft .NET. A remote user can bypass XML document signature validation on the target system.

The software does not properly validate certain elements of a signed XML document. A remote user can modify an XML document so that .NET will still validate the document's signature.

The specific impact depends on the application that processes the XML document.

Anders Abel of Kentor reported this vulnerability.

Impact:   A remote user can bypass XML signature validation on the target system. The specific impact depends on the application that processes the XML document.
Solution:   The vendor has issued a fix.

A patch matrix is available in the vendor's advisory.

The Microsoft advisory is available at:

https://technet.microsoft.com/library/security/ms16-035

Vendor URL:  technet.microsoft.com/library/security/ms16-035 (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (2008), Windows (2012), Windows (7), Windows (8), Windows (10), Windows (Vista)
Underlying OS Comments:  Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8.1, 2012, 2012 R2, RT 8.1, 10, 10 Version 1511

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC