[Japanese]

JVNDB-2006-000540

Microsoft Windows Indexing Service cross-site scripting vulnerability

Overview

Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Microsoft Corporation
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2003 (itanium)
  • Microsoft Windows Server 2003 (x64)
  • Microsoft Windows XP sp3
  • Microsoft Windows XP (x64)

Impact

If the Indexing Service in Internet Information Services (IIS) provides search capabilities, an arbitrary script could be executed on the user's web browser.
Solution

Vendor Information

Microsoft Corporation
  • Microsoft Security Bulletin : MS06-053
CWE (What is CWE?)

CVE (What is CVE?)

  1. CVE-2006-0032
References

  1. JVN : JVNTA06-255A (Japanese)
  2. JVN : JVN#52201480
  3. JVN Status Tracking Notes : TRTA06-255A (Japanese)
  4. National Vulnerability Database (NVD) : CVE-2006-0032
  5. US-CERT Cyber Security Alerts : SA06-255A
  6. US-CERT Vulnerability Note : VU#108884
  7. US-CERT Technical Cyber Security Alert : TA06-255A
  8. Secunia Advisory : SA21861
  9. SecurityFocus : 19927
  10. FrSIRT Advisories : FrSIRT/ADV-2006-3564
Revision History

  • [2008/05/21]
      Web page published