Microsoft .NET Framework XML Signature HMAC Truncation Authentication Bypass Vulnerability( 09 June 2010 )

Last Update Date: 28 Jan 2011 Release Date: 9 Jun 2010 5263 Views

RISK: Medium Risk

A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.

Impact

Data Manipulation

System / Technologies affected

Microsoft Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Microsoft .NET Framework 1.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch

Microsoft Windows 2000 Service Pack 4
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 2
Windows XP Service Pack 2
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Media Center Edition 2005 only)
Windows XP Service Pack 3
- Microsoft .NET Framework 1.0 Service Pack 3 (Windows XP Media Center Edition 2005 and Windows XP Tablet PC Edition 2005 only)
Windows XP Service Pack 2 and Windows XP Service Pack 3
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows XP Professional x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2003 Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2003 x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft .NET Framework 1.1 Service Pack 1
- Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
Windows Vista Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Vista Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
Windows Vista x64 Edition Service Pack 1
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Vista x64 Edition Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2008 for 32-bit Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2008 for x64-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- >Microsoft .NET Framework 1.1 Service Pack 1
Windows Server 2008 for Itanium-based Systems
- Microsoft .NET Framework 2.0 Service Pack 1 and Microsoft .NET Framework 3.5
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows Server 2008 for Itanium-based Systems Service Pack 2
- Microsoft .NET Framework 2.0 Service Pack 2 and Microsoft .NET Framework 3.5 Service Pack 1
Windows 7 for 32-bit Systems
- Microsoft .NET Framework 3.5.1
Windows 7 for x64-based Systems
- Microsoft .NET Framework 3.5.1
Windows Server 2008 R2 for x64-based Systems
- Microsoft .NET Framework 3.5.1
Windows Server 2008 R2 for Itanium-based Systems
- Microsoft .NET Framework 3.5.1

Vulnerability Identifier

CVE-2009-0217

Source

Related Link

Share with

OpenOffice.org Code Execution and Security Bypass Vulnerabilities

8 Jun 2010 5278 Views

Apple Safari Multiple Vulnerabilities

9 Jun 2010 5551 Views