MS05-004: ASP.NET path validation vulnerability could allow unauthorized access

Article translations Article translations
Article ID: 887219 - View products that this article applies to.

Technical updates

  • June 14, 2005 After the release of this bulletin, it was determined that the update for the Microsoft .NET Framework 1.0 Service Pack 3 for the Microsoft Windows XP Tablet PC Edition operating system and the Microsoft Windows XP Media Center Edition operating system were failing to install when the update was distributed via SMS or AutoUpdate. The updated package corrects this behavior.
  • August 8, 2006 After the release of this bulletin, it was determined that the vulnerability also affects the Itanium-based versions of the Microsoft Windows Server 2003 operating systems, .NET Framework 1.1 Service Pack 1 for the 64-bit versions of the Microsoft Windows Server 2003 operating systems, and Windows XP Professional x64 Edition. Microsoft has updated the security bulletin MS05-004 with additional information about these operating systems in the “Affected Software” section.
Expand all | Collapse all
Microsoft has re-released security bulletin MS05-004. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site: For more information about the ASP.NET performance impact after you install security update MS05-004, click the following article numbers to view the articles in the Microsoft Knowledge Base:
891829 ASP.NET performance may be affected after you install security update MS05-004
894670 You may receive error messages when you browse or try to debug an ASP.NET application after you install security update 887219 (MS05-004)
For more information about how to troubleshoot Microsoft .NET Framework 1.1 installation issues, click the following article number to view the article in the Microsoft Knowledge Base:
824643 How to troubleshoot Microsoft .NET Framework 1.1 installation issues in Windows XP or in Windows 2000
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
268800 Windows Installer must have original source files when you apply a patch
For more information about an HTTP module to check for canonicalization issues with ASP.NET, click the following article number to view the article in the Microsoft Knowledge Base:
887289 HTTP module to check for canonicalization issues with ASP.NET
For more information about how to use the ASP.NET ValidatePath Module Scanner, click the following article number to view the article in the Microsoft Knowledge Base:
887290 How to use the ASP.NET ValidatePath Module Scanner (VPModuleScanner.js)

MORE INFORMATION

The MS05-004 security update that you install depends of the configuration of your computer. The following is a list of the different MS05-004 updates by operating system.

Security update 886906

Security update 886906 is for the Microsoft .NET Framework 1.0 Service Pack 3 for the following operating systems:
  • Microsoft Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
  • Windows XP Service Pack 1 or Windows XP Service Pack 2
  • Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems
  • Windows Vista

Security update 887998

Security update 887998 is for the .NET Framework 1.0 Service Pack 3 for the following operating systems:
  • Windows XP Tablet PC Edition
  • Windows XP Media Center Edition

Security update 886905

Security update 886905 is for the .NET Framework 1.0 Service Pack 2 for the following operating systems:
  • Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
  • Windows XP Service Pack 1 or Windows XP Service Pack 2
  • Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack 1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems

Security update 887999

Security update 887999 is for the .NET Framework 1.0 Service Pack 2 for the following operating systems:
  • Windows XP Tablet PC Edition
  • Windows XP Media Center Edition

Security update 886903

Security update 886903 is for the .NET Framework 1.1 Service Pack 1 for the following operating systems:
  • Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
  • Windows XP Service Pack 1 or Windows XP Service Pack 2
  • Windows XP Tablet PC Edition
  • Windows XP Media Center Edition
  • Windows XP Professional x64 Edition or Windows XP Professional x64 Edition Service Pack 2
  • Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack 1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems

Security update 886904

Security update 886904 is for the .NET Framework 1.1 for the following operating systems:
  • Windows 2000 Service Pack 3 or Windows 2000 Service Pack 4
  • Windows XP Service Pack 1 or Windows XP Service Pack 2
  • Windows XP Tablet PC Edition
  • Windows XP Media Center Edition
  • Windows Server 2003, Windows Server 2003 Service Pack 1, or Windows Server 2003 Service Pack 2
  • Windows Server 2003 x64 Edition or Windows Server 2003 x64 Edition Service Pack 2
  • Windows Server 2003 for Itanium-based Systems, Windows Server 2003 with Service Pack 1 for Itanium-based Systems, or Windows Server 2003 with Service Pack 2 for Itanium-based Systems

Properties

Article ID: 887219 - Last Review: December 3, 2007 - Revision: 6.4
APPLIES TO
  • Microsoft .NET Framework 1.0 Service Pack 2
  • Microsoft .NET Framework 1.0 Service Pack 3
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.1 Service Pack 1
Keywords: 
kbfix kbbug kbsecvulnerability kbsecurity kbsecbulletin KB887219

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com