CVE-2010-3332

CVE Database · CVE-2010-3332

CVE-2010-3332

· N/AModified

CVSS v3.1

N/A

EPSS

67.48%

Published

Sep 22, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (4)

All weaponized →

Exploit-DBMicrosoft ASP.NET - Padding Oracle (MS10-070)Exploit-DBMicrosoft ASP.NET - Padding Oracle File Download (MS10-070)Exploit-DBMicrosoft ASP.NET - Auto-Decryptor File Download (MS10-070)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."

Weaknesses (CWE)

CWE-209

Affected Products (8)

microsoft · .net_frameworkvulnerable