search menu icon-carat-right cmu-wordmark

CERT Coordination Center


Microsoft Windows 2000 Indexing Services enumerates local file locations via ixsso.query ActiveX object

Vulnerability Note VU#829845

Original Release Date: 2002-09-27 | Last Revised: 2002-09-27

Overview

Index Server 2.0 and the Indexing Service 3.0 contain a vulnerability that may allow remote intruders to gain information about files on the local computer.

Description

Index Server 2.0 and Indexing Service 3.0 are services that allow information about local files to be queried via a web interface. Normally, this capability would only be available through the server, but the software includes an ActiveX control that is incorrectly marked safe-for-scripting. As a result, an remote attacker could gain information about files on a user's comuter when they view a malicious web page. The indexing service does not need to be running for the attacker to use the ActiveX control.

Impact

When a user views a malicious web page that invokes the vulnerable control, the web page author may be able to gain information about files on the victim's computer. This information includes the names and properties of existing files. If the indexing server is also running, the attacker may be able to gain information about which files contain attacker selected keywords.

Solution

Apply a Patch

Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:

http://www.microsoft.com/technet/security/bulletin/ms00-098.asp

Vendor Information

829845
Expand all

Microsoft Corporation

Updated:  July 16, 2002

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft has published a security bulletin describing this vulnerability:


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Credit

Georgi Guninski discovered this vulnerability.

This document was written by Cory F. Cohen.

Other Information

CVE IDs: CVE-2000-1105
Severity Metric: 8.10
Date Public: 2000-11-10
Date First Published: 2002-09-27
Date Last Updated: 2002-09-27 17:46 UTC
Document Revision: 10

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.