CVE-2005-0452

ASP.NET 1.0-1.1 SP1 - Cross-Site Scripting via Unicode Fullwidth Character Conversion

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0452. PoCs published by Andrey Rusyaev.

AI-analyzed exploit summary The exploit describes a cross-site scripting (XSS) vulnerability in ASP.NET due to improper handling of Unicode characters (U+ff00-U+ff60). An attacker can craft a malicious link with arbitrary HTML or script code to execute in a user's browser.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".

Exploits (1)

exploitdb WRITEUP VERIFIED
by Andrey Rusyaev · textwebappsasp
https://www.exploit-db.com/exploits/25110

The exploit describes a cross-site scripting (XSS) vulnerability in ASP.NET due to improper handling of Unicode characters (U+ff00-U+ff60). An attacker can craft a malicious link with arbitrary HTML or script code to execute in a user's browser.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: ASP.NET (unspecified version)
No auth needed
Prerequisites: A vulnerable ASP.NET application · User interaction to click a malicious link
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110867912714913&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14214
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12574

Scores

EPSS 0.2337
EPSS Percentile 97.5%

Details

Status published
Products (2)
microsoft/asp.net 1.0 (3 CPE variants)
microsoft/asp.net 1.1 (2 CPE variants)
Published Feb 16, 2005
Tracked Since Feb 18, 2026