CVE-2006-7192 - Unspecified vulnerability in Microsoft .Net Framework 2.0

047910
CVSS 4.3 - MEDIUM

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: NONE
  • Confidentiality impact: NONE
  • Integrity impact: PARTIAL
  • Availability impact: NONE
network
microsoft
nessus

Summary

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.

Vulnerable Configurations

Part         Description  Count
Application  Microsoft    1

Nessus

  • NASL family: Windows
    NASL id: SMB_KB931212.NASL
    description: The remote web server is running a version of the ASP.NET framework that contains multiple vulnerabilities:
      - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user.
      - An ASP.NET NULL byte termination vulnerability could allow an attacker to retrieve contents from the web server.
      - A JIT compiler vulnerability could allow an attacker to execute arbitrary code with the privilege of the logged-on user.
    last seen: 2020-05-16
    modified: 2007-07-11
    plugin id: 25700
    published: 2007-07-11
    reporter: This script is Copyright (C) 2007-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/25700
    title: MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212) (uncredentialed check)
  • NASL family: Windows : Microsoft Bulletins
    NASL id: SMB_NT_MS07-040.NASL
    description: The remote host is running a version of the ASP.NET framework that contains multiple vulnerabilities:
      - A PE Loader vulnerability could allow an attacker to execute arbitrary code with the privileges of the logged-on user.
      - An ASP.NET NULL byte termination vulnerability could allow an attacker to retrieve the content of the web server.
      - A JIT compiler vulnerability could allow an attacker to execute arbitrary code with the privileges of the logged-on user.
    last seen: 2020-05-16
    modified: 2007-07-10
    plugin id: 25691
    published: 2007-07-10
    reporter: This script is Copyright (C) 2007-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/25691
    title: MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)