SynopsisIt is possible to tamper with signed XML content without being detected on the remote web server.
DescriptionA data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
SolutionMicrosoft has released a set of patches for .NET Framework 3.0, 3.5, and 4.0.