Reported June 6, 2002, by Microsoft.
· Microsoft ASP.NET component of the Microsoft .NET Framework 1.0
A vulnerability exists in the ASP.NET component of the Microsoft .NET Framework 1.0 that can result in a Denial of Service (DoS) condition or execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer in a routine that handles cookie processing in the StateServer mode. StateServer mode, however, is not the default session state mode for session management. This vulnerability is present only when the vulnerable system is using StateServer mode in conjunction with cookies.
Discovered by Microsoft.