Vulnerability Note VU#108884
Microsoft Indexing Services vulnerable to cross-site scripting
Microsoft's Indexing Service does not properly validate queries. This vulnerability may allow an attacker to run client-side scripts on behalf of a user.
Microsoft's Indexing Service allows users to quickly search computers and networks. When it is used in combination with Internet Information Services (IIS), IIS can serve as a web-based interface for the Indexing Service.
A cross-site scripting vulnerability on systems running the Indexing Service may allow an attacker to run a malicious script. This script could take any action on the user's computer that the vulnerable web site is legitimately authorized to take. For more information on cross-site scripting, see the CERT Cross-Site Scripting Vulnerabilities document.
If an attacker can trick or entice a user to follow a link, the attacker can execute script as the victim in the context of the zone in which the vulnerable server resides.
Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 12 Sep 2006 |
Thanks to Microsoft for supplying information on this vulnerability.
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-0032
- Date Public: 12 Sep 2006
- Date First Published: 12 Sep 2006
- Date Last Updated: 15 Sep 2006
- Severity Metric: 1.06
- Document Revision: 23