Microsoft's Indexing Service does not properly validate queries. This vulnerability may allow an attacker to run client-side scripts on behalf of a user.
Microsoft's Indexing Service allows users to quickly search computers and networks. This service can be used in combination with Internet Information Services (IIS) to enable IIS as a Web-based interface for the Indexing Service.
A cross-site scripting vulnerability on systems running the Indexing Service may allow an attacker to run a malicious script. This script could take any action on the user's computer that the vulnerable web site is legitimately authorized to take. For more information on cross-site scripting, see the CERT Cross-Site Scripting Vulnerabilities document.
If an attacker can trick or entice a user to follow a link, the attacker can execute script as the victim in the context of the zone in which the vulnerable server resides.
Thanks to Microsoft for supplying information on this vulnerability.
This document was written by Ryan Giobbi.
Date First Published: 2006-09-12
Date Last Updated: 2006-09-15 20:36 UTC