=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN064
_____________________________________________________________________

DATE                      : 09/02/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running ASP.NET.

======================================================================

MS05-004
Title:  ASP.NET Path Validation Vulnerability (887219)

Affected Software:
  - Microsoft .NET Framework 1.0 Service Pack 2 and Service Pack 3
  - Microsoft .NET Framework 1.1 (All Versions)

Affected Components:
  - ASP.NET

Impact of Vulnerability: Information Disclosure, possible Elevation
of Privilege
Maximum Severity Rating: Important

Restart required: Yes

Update can be uninstalled: Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-004.mspx

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================