PT-2011-3518 · Microsoft · .Net Framework 4 +2

Published: 2011-08-10 · Updated: 2023-12-07 · CVE-2011-1977

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework 4
Chart Control for Microsoft .NET Framework 3.5 SP1

Description

An information disclosure issue exists due to the improper handling of special characters within a specially crafted URI by Microsoft Chart controls. This allows remote attackers to read arbitrary files, including sensitive information stored in files like web.config, within the web site directory or subdirectories. The consequences depend on the nature of the disclosed information. This issue does not allow code execution or direct user rights elevation but could facilitate further system compromise.

Recommendations

For Microsoft .NET Framework 4, update to a version that properly verifies functions in URIs. For Chart Control for Microsoft .NET Framework 3.5 SP1, apply the necessary patch to correct the handling of special characters in URIs. As a temporary workaround, consider restricting access to sensitive files within the web site directory or subdirectories to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2011-1977

Affected Products

.Net Framework
Chart Control For Microsoft .Net Framework 3.5 Sp1
.Net Framework 4