Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.

Click here to create a
FREE account

Already have an account?
[Click here to Login]


	Search KbAlertz Advanced Search

Webmasters
Put kbAlertz on your website.
[ Click Here for more! ]

Discount ASP.NET Hosting
ASP.NET 2.0 and 3.5
Windows2008 and SQL2008
US and UK Hosting
The ad says 3 - but KBAlertz referrals get
** SIX MONTHS FREE **

For bug tracking software or defect tracking software or issue tracking software, visit Axosoft.

Community Site

We Send hundreds of thousands of emails using ASP.NET Email

Expert Web Design & Graphic Design
Design44.com

Discount ASP.NET Hosting
ASP.NET 2.0 and 3.5
Windows2008 and SQL2008
US and UK Hosting
The ad says 3 - but KBAlertz referrals get
** SIX MONTHS FREE **

Mentioned In

Leave / Read
Community Feedback

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks

Article ID: 887219 - Last Review: December 3, 2007 - Revision: 6.4

MS05-004: ASP.NET path validation vulnerability could allow unauthorized access

View products that this article applies to.

Technical updates

June 14, 2005 After the release of this bulletin, it was determined that the update for the Microsoft .NET Framework 1.0 Service Pack 3 for the Microsoft Windows XP Tablet PC Edition operating system and the Microsoft Windows XP Media Center Edition operating system were failing to install when the update was distributed via SMS or AutoUpdate. The updated package corrects this behavior.
August 8, 2006 After the release of this bulletin, it was determined that the vulnerability also affects the Itanium-based versions of the Microsoft Windows Server 2003 operating systems, .NET Framework 1.1 Service Pack 1 for the 64-bit versions of the Microsoft Windows Server 2003 operating systems, and Windows XP Professional x64 Edition. Microsoft has updated the security bulletin MS05-004 with additional information about these operating systems in the â€œAffected Softwareâ€ section.

Expand all | Collapse all

Microsoft has re-released security bulletin MS05-004. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

Home users:
http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx (http://www.microsoft.com/protect/computer/updates/bulletins/default.mspx)
IT professionals:
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx (http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx)

For more information about the ASP.NET performance impact after you install security update MS05-004, click the following article numbers to view the articles in the Microsoft Knowledge Base:

891829Â (http://kbalertz.com/Feedback.aspx?kbNumber=891829/ ) ASP.NET performance may be affected after you install security update MS05-004

894670Â (http://kbalertz.com/Feedback.aspx?kbNumber=894670/ ) You may receive error messages when you browse or try to debug an ASP.NET application after you install security update 887219 (MS05-004)

For more information about how to troubleshoot Microsoft .NET Framework 1.1 installation issues, click the following article number to view the article in the Microsoft Knowledge Base:

824643Â (http://kbalertz.com/Feedback.aspx?kbNumber=824643/ ) How to troubleshoot Microsoft .NET Framework 1.1 installation issues in Windows XP or in Windows 2000

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

268800Â (http://kbalertz.com/Feedback.aspx?kbNumber=268800/ ) Windows Installer must have original source files when you apply a patch

For more information about an HTTP module to check for canonicalization issues with ASP.NET, click the following article number to view the article in the Microsoft Knowledge Base:

887289Â (http://kbalertz.com/Feedback.aspx?kbNumber=887289/ ) HTTP module to check for canonicalization issues with ASP.NET

For more information about how to use the ASP.NET ValidatePath Module Scanner, click the following article number to view the article in the Microsoft Knowledge Base:

887290Â (http://kbalertz.com/Feedback.aspx?kbNumber=887290/ ) How to use the ASP.NET ValidatePath Module Scanner (VPModuleScanner.js)

MORE INFORMATION

The MS05-004 security update that you install depends of the configuration of your computer. The following is a list of the different MS05-004 updates by operating system.

Security update 886906

Security update 886906 is for the Microsoft .NET Framework 1.0 Service Pack 3 for the following operating systems:

Microsoft Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
Windows XP Service Pack 1 or Windows XP Service Pack 2
Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems
Windows Vista

Security update 887998

Security update 887998 is for the .NET Framework 1.0 Service Pack 3 for the following operating systems:

Windows XP Tablet PC Edition
Windows XP Media Center Edition

Security update 886905

Security update 886905 is for the .NET Framework 1.0 Service Pack 2 for the following operating systems:

Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
Windows XP Service Pack 1 or Windows XP Service Pack 2
Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack 1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems

Security update 887999

Security update 887999 is for the .NET Framework 1.0 Service Pack 2 for the following operating systems:

Windows XP Tablet PC Edition
Windows XP Media Center Edition

Security update 886903

Security update 886903 is for the .NET Framework 1.1 Service Pack 1 for the following operating systems:

Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
Windows XP Service Pack 1 or Windows XP Service Pack 2
Windows XP Tablet PC Edition
Windows XP Media Center Edition
Windows XP Professional x64 Edition or Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack 1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems

Security update 886904

Security update 886904 is for the .NET Framework 1.1 for the following operating systems:

Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
Windows XP Service Pack 1 or Windows XP Service Pack 2
Windows XP Tablet PC Edition
Windows XP Media Center Edition
Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack 1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems

APPLIES TO

Microsoft .NET Framework 1.0 Service Pack 2
Microsoft .NET Framework 1.0 Service Pack 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Service Pack 1

Back to the top

kbfix kbbug kbsecvulnerability kbsecurity kbsecbulletin KB887219

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Be the first to leave feedback, to help others about this knowledge base article.

(Optional) Name

(Optional) Public URL Or Email

Comments
No HTML -- Text Only Please


	Copyright © 2002-2007 KBALERTZ.COM. All Rights Reserved. Terms / Privacy. Discount ASP.NET Hosting

KBAlertz.com: (887219) - Describes a security update that resolves a public vulnerability in ASP.NET that could allow an attacker to bypass the security of an ASP.NET Web site and gain unauthorized access.