Skip to main content

Microsoft Windows Chart Control Information Disclosure Vulnerability

Last Update Date: 10 Aug 2011 12:25 Release Date: 10 Aug 2011 6155 Views

RISK: Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

An information disclosure vulnerability exists in the way that Microsoft Chart controls incorrectly handle special characters within a specially crafted URI. An attacker who successfully exploited this vulnerability would be able to read the contents of any file within the web site directory or subdirectories, such as web.config. The web.config file often stores sensitive information. The consequences of the disclosure of that information depend on the nature of the information itself. Note that this vulnerability would not allow an attacker to execute code or to elevate the attacker's user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.


Impact

  • Information Disclosure

System / Technologies affected

  • Microsoft .NET Framework 3.5

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link