When working with Microsoft ASP.NET, a component of the Microsoft .NET Framework provides for session state management through a variety of modes. One such mode, called StateServer, stores session state information in a separate running process that can run on either the same machine as the ASP.NET-based application or on a different machine. An unchecked buffer in one of the routines handles the processing of cookies in StateServer mode, resulting in a security vulnerability.
Requirements:
Windows NT/2000/XP
Comments not found