Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability

Microsoft ASP.NET RPC/Encoded Remote Denial Of Service Vulnerability

ASP.NET is susceptible to a remote denial of service vulnerability. This issue is due to the possibility of causing an infinite loop on the server when handling RPC/encoded requests.

This issue presents itself when an RPC/encoded Web method accepts an array or object derived from 'IList'. By sending a specially crafted XML request, the 'aspnet_wp.exe' executable enters into an infinite loop.

Remote attackers may exploit this vulnerability to consume excessive CPU resources, potentially denying service to legitimate users.