A vulnerability in the Microsoft Indexing Service could allow an attacker to execute arbitrary code on an affected system.
The Microsoft Indexing Service provides applications and scripts with a means of managing, querying, and indexing information in file systems or web servers. It is included as a base service on some versions of Windows. A vulnerability exists in the way that the Indexing Service uses an unchecked buffer in the handling of queries. An attacker with the ability to supply a long, specially-crafted query to the Indexing Service may be able to exploit this vulnerability. Additional details about the nature of the query malformation exploiting this vulnerability are unknown.
The level of exposure of a vulnerable system depends on how the Indexing Service is configured:
An attacker may be able to execute code of their choosing on an affected system by constructing a malicious query. The attacker-supplied code would be executed with Local System privileges, resulting in a complete system compromise. Microsoft reports that while remote code execution is possible, an attack would most likely result in a denial-of-service condition.
Apply a patch from the vendor
Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified below.
Thanks to Microsoft Security for reporting this vulnerability.
This document was written by Chad Dougherty based on information provided by Microsoft.
|Date First Published:|2005-01-20|
|Date Last Updated:|2005-01-20 21:53 UTC|