Vigil@nce - Microsoft .NET: bypassing XML signature
May 2016 by Vigil@nce
This bulletin was written by Vigil@nce : https://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can alter an XML document, which is not detected as
modified by Microsoft .NET.
Impacted products: .NET Framework, Windows 10, Windows 2008 R0,
Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT,
Windows Vista.
Severity: 2/4.
Creation date: 08/03/2016.
DESCRIPTION OF THE VULNERABILITY
The Microsoft .NET product can check the signature of an XML
document.
However, even if an attacker alters a document, Microsoft .NET
indicates that the signature is still valid.
An attacker can therefore alter an XML document, which is not
detected as modified by Microsoft .NET.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
https://vigilance.fr/vulnerability/Microsoft-NET-bypassing-XML-signature-19133