CVE-2007-0042

high Microsoft
CVSS v3 Base Score
7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
EPSS Score
81.9%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
None
Availability
None
Published: July 10, 2007 (6882 days ago)
Last Modified: April 23, 2026
Vendor: Microsoft
Source: NVD

Description

Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."

CWE

CWE-200

Affected Products

microsoft .net framework

References

🔗 archive.cert.uni-stuttgart.de 🔗 secunia.com 🔗 security-assessment.com 🔗 www.securitytracker.com 🔗 www.us-cert.gov