Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Windows : Microsoft Bulletins
Title:Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)
Summary:This host is missing a critical security update according to; Microsoft Bulletin MS10-041.
This host is missing a critical security update according to
Microsoft Bulletin MS10-041.

Vulnerability Insight:
The issue is caused by an error in the XML Signature Syntax and Processing
(XMLDsig) implementation that rely on the 'HMACOutputLength' parameter to
determine the number of bytes of the signature to be verified.

Vulnerability Impact:
Successful exploitation will allow the attackers to forge an XML signature that
will be accepted as valid or to bypass security restrictions.

Affected Software/OS:
- Microsoft .NET Framework 3.5/SP 1

- Microsoft .NET Framework 1.1 SP 1

- Microsoft .NET Framework 1.0 SP 3

- Microsoft .NET Framework 2.0 SP 1/SP 2

The vendor has released updates. Please see the references for more information.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0217
BugTraq ID: 35671
Cert/CC Advisory: TA09-294A
Cert/CC Advisory: TA10-159B
CERT/CC vulnerability note: VU#466161
Debian Security Information: DSA-1995 (Google Search)
HPdes Security Advisory: HPSBUX02476
HPdes Security Advisory: SSRT090250
Microsoft Security Bulletin: MS10-041
RedHat Security Advisories: RHSA-2009:1200
RedHat Security Advisories: RHSA-2009:1201
RedHat Security Advisories: RHSA-2009:1428
RedHat Security Advisories: RHSA-2009:1636
RedHat Security Advisories: RHSA-2009:1637
RedHat Security Advisories: RHSA-2009:1649
RedHat Security Advisories: RHSA-2009:1650
SuSE Security Announcement: SUSE-SA:2009:053 (Google Search)
SuSE Security Announcement: SUSE-SA:2010:017 (Google Search)
CopyrightCopyright (C) 2010 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2022 E-Soft Inc. All rights reserved.