CVE-2007-0042: Infoleak
First published: Tue Jul 10 2007(Updated: )
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | ||
| Microsoft Windows Server 2003 | ||
| Microsoft Windows Vista | ||
| Microsoft Windows XP | ||
| Microsoft .NET Framework 4 | =1.0 | |
| Microsoft .NET Framework 4 | =1.1 | |
| Microsoft .NET Framework 4 | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://security-assessment.com/files/advisories/2007-07-11_Multiple_.NET_Null_Byte_Injection_Vulnerabilities.pdf
- http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
- http://www.us-cert.gov/cas/techalerts/TA07-191A.html
- http://www.securitytracker.com/id?1018356
- http://secunia.com/advisories/26003
- http://www.vupen.com/english/advisories/2007/2482
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2070
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-040
Frequently Asked Questions
What is the severity of CVE-2007-0042?
CVE-2007-0042 has a high severity rating due to its potential for unauthorized access to sensitive configuration files.
How do I fix CVE-2007-0042?
To fix CVE-2007-0042, update the Microsoft .NET Framework to a version that addresses this vulnerability.
What are the affected versions in CVE-2007-0042?
CVE-2007-0042 affects Microsoft .NET Framework versions 1.0, 1.1, and 2.0.
Can CVE-2007-0042 be exploited remotely?
Yes, CVE-2007-0042 can be exploited remotely by attackers targeting vulnerable applications.
What types of systems are vulnerable to CVE-2007-0042?
CVE-2007-0042 affects systems running Microsoft Windows 2000, XP, Server 2003, and Vista with the vulnerable versions of .NET Framework.
- collector/nvd-historical
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 2000
- canonical/microsoft windows server 2003
- canonical/microsoft windows vista
- canonical/microsoft windows xp
- canonical/microsoft .net framework 4
- version/microsoft .net framework 4/1.0
- version/microsoft .net framework 4/1.1
- version/microsoft .net framework 4/2.0