PT-2007-1535 · Microsoft · .Net Framework+1

Published: 2007-07-10 · Updated: 2018-10-30 · CVE-2007-0042

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Microsoft .NET Framework versions 1.0 through 2.0

Description
The issue is related to an interpretation conflict in ASP.NET within Microsoft .NET Framework, allowing remote attackers to access configuration files, obtain sensitive information, and possibly bypass security mechanisms. This is due to the different handling of %00 characters as a string terminator in POSIX functions and as a data character in .NET strings. An attacker could exploit this to download the contents of any Web page on an ASP.NET Web site, effectively bypassing its security features.

Recommendations
For Microsoft .NET Framework versions 1.0 through 2.0, update to a version that includes the fix for this issue to prevent information disclosure and potential security mechanism bypass.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2007-0042

Affected Products

.Net Framework
Asp.Net