Vulnerability Name:

CVE-2006-0032 (CCN-28651)

Assigned:2005-11-30
Published:2006-09-12
Updated:2019-04-30
Summary:Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
Successful exploitation requires that the Indexing service is accessible through IIS.
CVSS v3 Severity:4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-0032

Source: CCN
Type: SA21861
Microsoft Windows Indexing Service Cross-Site Scripting

Source: SECUNIA
Type: Patch, Vendor Advisory
21861

Source: CCN
Type: SECTRACK ID: 1016826
Windows Indexing Service Input Validation Flaw in Query Parameters Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1016826

Source: CCN
Type: ASA-2006-189
Windows Security Updates for September 2006 - (MS06-052 - MS06-054)

Source: MISC
Type: UNKNOWN
http://www.geocities.jp/ptrs_sec/advisory09e.html

Source: CCN
Type: US-CERT VU#108884
Microsoft Indexing Services vulnerable to cross-site scripting

Source: CERT-VN
Type: US Government Resource
VU#108884

Source: CCN
Type: Microsoft Security Bulletin MS06-053
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

Source: CCN
Type: Microsoft Security Bulletin MS09-057
Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)

Source: HP
Type: UNKNOWN
SSRT061187

Source: BUGTRAQ
Type: UNKNOWN
20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])

Source: BUGTRAQ
Type: UNKNOWN
20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]

Source: BID
Type: Patch
19927

Source: CCN
Type: BID-19927
Microsoft Indexing Service Query Validation Cross-Site Scripting Vulnerability

Source: CERT
Type: US Government Resource
TA06-255A

Source: VUPEN
Type: UNKNOWN
ADV-2006-3564

Source: MS
Type: UNKNOWN
MS06-053

Source: XF
Type: UNKNOWN
ms-indexing-service-xss(28651)

Source: XF
Type: UNKNOWN
ms-indexing-service-xss(28651)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:535

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:resource_kit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_itanium:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_itanium:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*
  • OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:535
    V
    Microsoft Indexing Service Vulnerability
    2006-10-24
    BACK
    microsoft windows 2000 *
    microsoft windows 2000 * sp1
    microsoft windows 2000 * sp2
    microsoft windows 2000 * sp3
    microsoft windows 2000 * sp4
    microsoft windows 2000 resource_kit
    microsoft windows 2003 server datacenter_edition
    microsoft windows 2003 server datacenter_edition sp1
    microsoft windows 2003 server datacenter_edition sp1_beta_1
    microsoft windows 2003 server datacenter_edition_itanium
    microsoft windows 2003 server datacenter_edition_itanium sp1
    microsoft windows 2003 server datacenter_edition_itanium sp1_beta_1
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server enterprise_edition sp1
    microsoft windows 2003 server enterprise_edition sp1_beta_1
    microsoft windows 2003 server enterprise_edition_itanium
    microsoft windows 2003 server enterprise_edition_itanium sp1
    microsoft windows 2003 server enterprise_edition_itanium sp1_beta_1
    microsoft windows 2003 server r2
    microsoft windows 2003 server sp1
    microsoft windows 2003 server standard
    microsoft windows 2003 server standard sp1
    microsoft windows 2003 server standard sp1_beta_1
    microsoft windows 2003 server standard_64-bit
    microsoft windows 2003 server web
    microsoft windows 2003 server web sp1
    microsoft windows 2003 server web sp1_beta_1
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp2
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium
    microsoft windows 2003 *