This of course is not needed if you don't have .NET 2.0 installed, or if it's installed but disabled.
----- Original Message ----- TITLE: Microsoft .NET Framework Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA22307 VERIFY ADVISORY: http://secunia.com/advisories/22307/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: Microsoft .NET Framework 2.x http://secunia.com/product/6456/ DESCRIPTION: A vulnerability has been reported in ASP.NET 2.0, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary code in a users browser-session associated with a vulnerable website. Successful exploitation requires that the "AutoPostBack" feature is set to "true" (not the default setting). SOLUTION: Apply patch: Microsoft .NET Framework 2.0: http://www.microsoft.com/downloads/details.aspx?FamilyId=34C375AA-2F54-4416-B1FC-B73378492AA6 ORIGINAL ADVISORY: MS06-056 (KB922770): http://www.microsoft.com/technet/security/Bulletin/MS06-056.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
