From: "Geo." 

"Mike N."  wrote in message
news:f8ecq21djm83rovd4meg9q0el5236mqg4j{at}4ax.com...

>   Not bigger - it's more like Win32 code is the juicy fruit on the low
> hanging branches.  .NET exploits are the scrawny twigs on the top of the
> tree.   There may be a few escalation of privilege exploits in there that
> may become more popular as Vista, but nothing compared to the holes still
> residing in Office apps file formats, and Adobe Hackrobat.

I thought PHP was the low hanging fruit? 

Microsoft .NET Framework Request Filtering Bypass Vulnerability 2006-10-30
http://www.securityfocus.com/bid/20753

Microsoft ASP.NET AutoPostBack Variable Cross-Site Scripting Vulnerability 2006-10-13
http://www.securityfocus.com/bid/20337

Microsoft ASP.NET Application Folder Information Disclosure Vulnerability 2006-07-13
http://www.securityfocus.com/bid/18920

Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability 2005-08-17
http://www.securityfocus.com/bid/14594

Microsoft ASP.NET URI Canonicalization Unauthorized Web Access
Vulnerability 2004-10-06
http://www.securityfocus.com/bid/11342


Ok that doesn't look excessive until you consider that you didn't need the
framework at all prior to that.. It's just more crap to patch.

Geo.

--- BBBS/NT v4.01 Flag-5