N/A

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

N/A

N/A

Microsoft .Net Framework多个空字节注入漏洞(MS07-040)

Microsoft .NET Framework是美国微软（Microsoft）公司开发的一种全面且一致的编程模型，也是一个用于构建Windows、Windows Store、Windows Phone、Windows Server和Microsoft Azure的应用程序的开发平台。该平台包括C#和Visual Basic编程语言、公共语言运行库和广泛的类库。 .NET Framework在处理网页请求时存在漏洞，远程攻击可能利用此漏洞绕过安全限制访问到敏感信息。 .NET Framework的Serv

N/A

N/A