Description:SPI Labs has reported a vulnerability in ASP.NET, which can be exploited by malicious people to cause a DoS (Denial of Service).The vulnerability is caused due to an input validation error in the "System.Xml.Serialization.Xml.XmlSerializationReader.ReadReferencedElements()" function. This can be exploited to cause an infinite loop and consume a large amount of CPU resources on a vulnerable system by sending a specially crafted SOAP message to a RCP/encoded web method, which takes an array as input.Solution:Use the document/literal mode for web services handling input from untrusted sources.The vulnerability will reportedly be fixed in an upcoming release.Provided and/or discovered by:Bryan Sullivan and Sacha Faust, SPI Labs.Original Advisory:SPI Labs:http://www.spidynamics.com/spilabs/advisories/aspRCP.htmlVia Secunia.Com