Published:2006/09/13 Last Updated:2008/05/21
JVN#52201480
Microsoft Windows Indexing Service cross-site scripting vulnerability
Overview
Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.
Products Affected
- Windows 2000
- Windows XP
- Windows 2000 Server
- Windows Server 2003
Description
Impact
If the Indexing Service in Internet Information Services (IIS) provides search capabilities, an arbitrary script could be executed on the user's web browser.
Solution
Vendor Status
| Vendor | Link |
| Microsoft Corporation |
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685) |
References
- Vulnerability Note VU#108884
Microsoft Indexing Services vulnerable to cross-site scripting
JPCERT/CC Addendum
Credit
Eiji James Yoshida of penetration technique research site reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2006-0032 VU#108884,MS06-053 |
| JVN iPedia |
JVNDB-2006-000326 |