• info
• discussion
• exploit
• solution
• references

Microsoft .NET Framework CVE-2011-3416 ASP.NET Forms Authentication Bypass Vulnerability

Solution:
The vendor released an update. Please see the references for more information.


Microsoft .NET Framework 2.0 SP2

• Microsoft Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2003 and Windows X
  http://www.microsoft.com/downloads/details.aspx?familyid=eff633f7-abd9 -45cc-acbd-4885123dbed2


• Microsoft Security Update for Microsoft .NET Framework 2.0 Service Pack 2 on Windows Vista Service Pack 2 and
  http://www.microsoft.com/downloads/details.aspx?familyid=49050cf2-949a -40e5-b2ee-6257a3837294

Microsoft .NET Framework 4.0

• Microsoft Security Update for Microsoft .NET Framework 4
  http://www.microsoft.com/downloads/details.aspx?familyid=37a8fb34-e3ad -4605-980b-28361889ce72

Microsoft .NET Framework 1.1 SP1

• Microsoft Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows Server 2003 Service Pack
  http://www.microsoft.com/downloads/details.aspx?familyid=7538762a-50e9 -4f13-a60e-ff99aa8fbbf8


• Microsoft Security Update for Microsoft .NET Framework 1.1 Service Pack 1 on Windows XP, Windows Server 2003 (
  http://www.microsoft.com/downloads/details.aspx?familyid=471e1f51-c79c -4285-9f1e-aee1e4c4f189

Microsoft .NET Framework 3.5 SP1

• Microsoft Security Update for Microsoft .NET Framework 3.5 Service Pack 1 on Windows XP, Windows Server 2003,
  http://www.microsoft.com/downloads/details.aspx?familyid=306acd0a-bea2 -40dd-a639-f381587c9eb7


• Microsoft Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2
  http://www.microsoft.com/downloads/details.aspx?familyid=2de28d32-1efd -4177-82e6-19a08266096c


• Microsoft Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 Service Pack 1 and Windows Server 20
  http://www.microsoft.com/downloads/details.aspx?familyid=26e0b56d-9228 -49cf-9276-0741257567a9