Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008(KB2418240) x86 based systems

Risk Information

Base Score

9.1

MODERATE

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

EPSS Score

Exploitation Probability

85.692%

CVE Information

Source CVE
CVE-2010-3332

Associated CVE
CVE-2010-3332

Patch Details

Patch associated with this vulnerability is supported by ManageEngine.

Patch ID
9198

Patch Description
Security Update for Microsoft .NET Framework 3.5 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008(KB2418240)

References

http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
http://isc.sans.edu/diary.html?storyid=9568
http://secunia.com/advisories/41409
http://securitytracker.com/id?1024459
http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
http://twitter.com/thaidn/statuses/24832350146
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx
http://www.microsoft.com/technet/security/advisory/2416728.mspx
http://www.microsoft.com/technet/security/Bulletin/MS10-070.mspx
http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle
http://www.securityfocus.com/bid/43316
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
http://www.vupen.com/english/advisories/2010/2429
http://www.vupen.com/english/advisories/2010/2751
https://exchange.xforce.ibmcloud.com/vulnerabilities/61898