|
|
CVE Reference: CVE-2006-0032 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2006-0032 |
|
|
Description: Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/28651 ST 1016826 SAID Secunia Advisory: SA21861 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:535 MS http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx MISC http://www.geocities.jp/ptrs_sec/advisory09e.html HP http://www.securityfocus.com/archive/1/archive/1/446630/100/100/threaded CERT-VN 108884 CERT http://www.us-cert.gov/cas/techalerts/TA06-255A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/447509/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/447511/100/0/threaded BID 19927 |
|
| Return to the previous page. |
