PCWorks: Microsoft Windows Indexing Service Cross-Site Scripting

Thread: PCWorks: Microsoft Windows Indexing Service Cross-Site Scripting

Search this list only Search all lists
PCWorks: Microsoft Windows Indexing Service Cross-Site Scripting
	2006-09-13 04:23:38
By default, Internet Information Services (IIS) is not installed on Windows XP or on Windows Server 2003. This patch is not needed if it is not installed. ------------------------------------------------------------ ---------- TITLE: Microsoft Windows Indexing Service Cross-Site Scripting SECUNIA ADVISORY ID: SA21861 VERIFY ADVISORY: http://secunia.c om/advisories/21861/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/pro duct/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/p roduct/1177/ Microsoft Windows 2000 Professional http://secunia.com/prod uct/1/ Microsoft Windows 2000 Server http://secunia.com/pro duct/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/p roduct/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/p roduct/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/p roduct/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/p roduct/1176/ Microsoft Windows XP Home Edition http://secunia.com/pro duct/16/ Microsoft Windows XP Professional http://secunia.com/pro duct/22/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to conduct cross-site scripting attacks. Unspecified input is not properly sanitised by the Indexing service before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session. Successful exploitation requires that the Indexing service is accessible through IIS. SOLUTION: Apply patches. Windows 2000 SP4: http://www.microsof t.com/downloads/details.aspx?FamilyId=778294ae-c5e3-4f17-b0e 4-308e46e00105 Windows XP SP1/SP2: http://www.microsof t.com/downloads/details.aspx?FamilyId=2731c0bf-6034-4c16-bb5 7-66e70a31a3d6 Windows XP Professional x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=3f604b2a-1383-4a45-b25 b-c468deefbfc1 Windows Server 2003 (optionally with SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=0182e8e7-9755-46cc-a39 3-c1e95fd508b2 Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsof t.com/downloads/details.aspx?FamilyId=e3e4a66c-ca9d-453b-887 5-fb57528117ac Windows Server 2003 x64 Edition: http://www.microsof t.com/downloads/details.aspx?FamilyId=acf35f34-0d26-4b79-b81 f-1111a784a66d ORIGINAL ADVISORY: MS06-053 (KB910729): http://www.microsoft.com/technet/security/Bullet in/MS06-053.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/r ules.htm Contact list owner <owner-pcworksimagicomm.com> Unsubscribing and other changes: http://pcworkers.com =====================================================

[1]

about | contact Other archives ( Real Estate discussion Medical topics )