CVE-2006-0032

Description

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535

https://exchange.xforce.ibmcloud.com/vulnerabilities/28651

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053

http://www.vupen.com/english/advisories/2006/3564

http://www.us-cert.gov/cas/techalerts/TA06-255A.html

http://www.securityfocus.com/bid/19927

http://www.securityfocus.com/archive/1/447511/100/0/threaded

http://www.securityfocus.com/archive/1/447509/100/0/threaded

http://www.securityfocus.com/archive/1/446630/100/100/threaded

http://www.kb.cert.org/vuls/id/108884

http://www.geocities.jp/ptrs_sec/advisory09e.html

http://securitytracker.com/id?1016826

http://secunia.com/advisories/21861

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3