Severity rating


Discovered date

Attack vector

Authentication required

Public exploits available

Signature detection



There is an information disclosure vulnerability in the Indexing Service because of the way that it handles query validation. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site.


An attacker who successfully exploited this vulnerability could run a malicious script. If this malicious script is run, it would run in the security context of the user on the client. The script could take any action on the user's computer that the Web site is authorized to take. These actions could include monitoring the user’s Web session and forwarding information to a third party, running other code on the user's system, and reading or writing cookies.

Technical details (analysis)

The Indexing Service is a base service for the affected operating systems. Formerly known as Index Server, its original function was to index the content of Internet Information Services (IIS) Web servers. Indexing Service now creates indexed catalogs for the contents and properties of both file systems and virtual Web servers. The Indexing Service is available to applications and scripts for providing an efficient means of managing, querying, and indexing information in file systems or Web servers. The Indexing Service does not properly validate query parameters, creating the possibility of cross-site scripting. An attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or instant messenger message that takes users to the attacker's Web site.
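The following is an added example, not part of the original advisory or of any Microsoft tooling: a log review that flags requests to Index Server pages whose query string carries HTML markup once URL-decoded. It assumes that `.ida`, `.idq` and `.htw` are the Index Server script mappings on the server, and that the log uses the W3C field order shown in the comment; the log lines are constructed. Markup hidden in an alternate character encoding is not covered.

```python
import re
from urllib.parse import unquote_plus

# Assumption: these are the Index Server ISAPI script mappings configured in IIS.
INDEX_EXTENSIONS = (".ida", ".idq", ".htw")

# Markup that a plain search query has no reason to contain.
MARKUP = re.compile(r"[<>]|javascript:", re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so that double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (client_ip, uri_stem, decoded_query) for suspicious requests.

    Assumed field order:
    date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
    """
    hits = []
    for line in log_lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and W3C header directives
        fields = line.split()
        if len(fields) < 7:
            continue  # malformed or truncated entry
        c_ip, stem, query = fields[2], fields[4], fields[5]
        if not stem.lower().endswith(INDEX_EXTENSIONS):
            continue  # not handled by the Index Server extension
        decoded = decode_fully(query)
        if MARKUP.search(decoded):
            hits.append((c_ip, stem, decoded))
    return hits

# Constructed sample log lines (documentation IP range, hypothetical paths).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2006-09-13 10:02:11 192.0.2.10 GET /search/query.idq CiRestriction=annual+report 200",
    "2006-09-13 10:02:40 192.0.2.44 GET /search/query.idq CiRestriction=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "2006-09-13 10:03:05 192.0.2.44 GET /search/hilite.htw CiRestriction=%253Cb%253Etest 200",
    "2006-09-13 10:03:30 192.0.2.51 GET /default.asp q=%3Cb%3E 200",
]

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A hit means only that markup reached an Index Server page; whether it was reflected depends on the patch level and on the workarounds in place.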

Affected software

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition

Non-affected software

All applications not on the affected list.



NIS signature

Name: Exploit:Win/IIS.IndexService.XSS!CVE-2006-0032
Release Date: 2006-09-12T00:00:00

Known false positives

No known false positives at this time.


Do not browse the Internet from a system in a server role
Disable page encoding auto-detection in Internet Explorer
Use URLScan on Windows 2000 running IIS 5.0
Remove the Index Server ISAPI extension Script Mappings from Internet Information Service for Windows 2000 running IIS 5.0
Remove the Indexing Service