Users login

Create an account »


Users login

Home » Hacking News » Microsoft ASP.NET StateServer Cookie Handling Buffer Overflow Vulnerability

Microsoft ASP.NET StateServer Cookie Handling Buffer Overflow Vulnerability

by Nikola Strahija on June 9th, 2002 The StateServer process suffers from a buffer overflow vulnerability when processing large cookie data. Exploitation may lead to a denial of service condition. It may be possible to execute arbitrary code as the server process, this has not however been confirmed.

Microsoft's ASP.NET is a collection of technology. ASP.NET supports a range of common HTTP tasks, including the ability to maintain session state through the usage of client cookies. This may be accomplished through the use of ASP.NET's StateServer mode, in which state information is stored in a separate server process.

Remote: Yes

Exploit: No

Solution: A patch is available from Microsoft for .NET Framework 1.0 SP1. This fix will be included in SP2.

Microsoft has advised ensuring that VS.NET is closed prior to manually installing any available patch.

Patches available:

Microsoft .NET Framework 1.0 SP1:

Microsoft Patch Q322289
To be applied to Microsoft .NET Framework 1.0 SP1.

Microsoft .NET Framework 1.0:

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »