CVE-2010-3332

N/A Unknown
Published: September 22, 2010 Modified: April 29, 2026
View on NVD

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
Source: secure@microsoft.com
Vendor Advisory
http://isc.sans.edu/diary.html?storyid=9568
Source: secure@microsoft.com
Third Party Advisory
http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/
Source: secure@microsoft.com
Third Party Advisory
http://secunia.com/advisories/41409
Source: secure@microsoft.com
Third Party Advisory
http://securitytracker.com/id?1024459
Source: secure@microsoft.com
Third Party Advisory VDB Entry
http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
Source: secure@microsoft.com
Third Party Advisory
http://twitter.com/thaidn/statuses/24832350146
Source: secure@microsoft.com
Broken Link
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Source: secure@microsoft.com
Mitigation Third Party Advisory
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx
Source: secure@microsoft.com
Third Party Advisory
http://www.ekoparty.org/juliano-rizzo-2010.php
Source: secure@microsoft.com
Broken Link
http://www.microsoft.com/technet/security/advisory/2416728.mspx
Source: secure@microsoft.com
Broken Link
http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle
Source: secure@microsoft.com
Exploit Third Party Advisory
http://www.securityfocus.com/bid/43316
Source: secure@microsoft.com
Third Party Advisory VDB Entry
http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security
Source: secure@microsoft.com
Third Party Advisory
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
Source: secure@microsoft.com
Exploit Third Party Advisory
http://www.vupen.com/english/advisories/2010/2429
Source: secure@microsoft.com
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2751
Source: secure@microsoft.com
Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070
Source: secure@microsoft.com
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61898
Source: secure@microsoft.com
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12365
Source: secure@microsoft.com
Third Party Advisory
http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://isc.sans.edu/diary.html?storyid=9568
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://pentonizer.com/general-programming/aspnet-poet-vulnerability-what-else-can-i-do/
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://secunia.com/advisories/41409
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://securitytracker.com/id?1024459
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://threatpost.com/en_us/blogs/new-crypto-attack-affects-millions-aspnet-apps-091310
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://twitter.com/thaidn/statuses/24832350146
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Mitigation Third Party Advisory
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryId/2799/Oracle-Padding-Vulnerability-in-ASP-NET.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.ekoparty.org/juliano-rizzo-2010.php
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.microsoft.com/technet/security/advisory/2416728.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mono-project.com/Vulnerabilities#ASP.NET_Padding_Oracle
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
http://www.securityfocus.com/bid/43316
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.theinquirer.net/inquirer/news/1732956/security-researchers-destroy-microsoft-aspnet-security
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.troyhunt.com/2010/09/fear-uncertainty-and-and-padding-oracle.html
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Third Party Advisory
http://www.vupen.com/english/advisories/2010/2429
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2751
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/61898
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12365
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

40 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
67.5%
99th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-209

Affected Vendors

microsoft

Related CVEs

CVE-2026-8662 3.3
CVE-2026-8658 6.0
CVE-2026-8666 7.7
CVE-2026-8665 7.7
CVE-2026-8664 6.0