Vulnerability Note VU#910624

Microsoft Windows 2000 Indexing Service permits read access to files outside web root via crafted request

Original Release date: 27 Sep 2002 | Last revised: 27 Sep 2002


A vulnerability exists in the way that Index Server 2.0 and the Indexing Service for Windows 2000 handles search requests. This vulnerability may alllow attackers to view the contents of "include" files located on the web server.


By submitting a specific search request to a system running Index Server 2.0 or Indexing Service for Windows 2000, a remote attacker may be able to read the contents of "include" files located on the server. While "include" files should not contain sensitive information, if they did, this vulnerability might expose that data to attackers.

This vulnerability is a variant of the problem described in Microsoft Security Bulletin MS00-006.


A remote attacker can view the contents of "include" files located on a vulnerable web server.


Apply a Patch

Microsoft has published patches correcting this vulnerability. The patches are listed in their advisory at:

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected-16 Jul 2002
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A



Thanks to David Litchfield of @Stake for discovering this vulnerability.

This document was written by Cory F. Cohen.

Other Information

  • CVE IDs: CAN-2001-0245
  • Date Public: 10 May 2001
  • Date First Published: 27 Sep 2002
  • Date Last Updated: 27 Sep 2002
  • Severity Metric: 3.83
  • Document Revision: 10


If you have feedback, comments, or additional information about this vulnerability, please send us email.