ASP.NET provided by Microsoft contains an open redirect vulnerability due to an issue in the login component. Therefore a web application that implements ASP.NET may be vulnerable.
The user who accesses the web application that implements ASP.NET may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack.
Update the software
This vulnerability was resolved in MS11-100.
Apply the update according to the information provided by Microsoft.