Vulnerability-Lookup

CVE-2006-0032 (GCVE-0-2006-0032)

Vulnerability from cvelistv5 – Published: 2006-09-13 03:00 – Updated: 2024-08-07 16:18

Summary

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/archive/1/447509/100…	mailing-listx_refsource_BUGTRAQ
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.vupen.com/english/advisories/2006/3564	vdb-entryx_refsource_VUPEN
	http://www.kb.cert.org/vuls/id/108884	third-party-advisoryx_refsource_CERT-VN
	http://securitytracker.com/id?1016826	vdb-entryx_refsource_SECTRACK
	http://www.us-cert.gov/cas/techalerts/TA06-255A.html	third-party-advisoryx_refsource_CERT
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/archive/1/447511/100…	mailing-listx_refsource_BUGTRAQ
	http://www.geocities.jp/ptrs_sec/advisory09e.html	x_refsource_MISC
	http://www.securityfocus.com/bid/19927	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/446630/100…	vendor-advisoryx_refsource_HP
	http://secunia.com/advisories/21861	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/446630/100…	vendor-advisoryx_refsource_HP

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.646Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
          },
          {
            "name": "ms-indexing-service-xss(28651)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
          },
          {
            "name": "oval:org.mitre.oval:def:535",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
          },
          {
            "name": "ADV-2006-3564",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3564"
          },
          {
            "name": "VU#108884",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/108884"
          },
          {
            "name": "1016826",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016826"
          },
          {
            "name": "TA06-255A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
          },
          {
            "name": "MS06-053",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
          },
          {
            "name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
          },
          {
            "name": "19927",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19927"
          },
          {
            "name": "SSRT061187",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
          },
          {
            "name": "21861",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21861"
          },
          {
            "name": "HPSBST02134",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-12T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-19T18:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
        },
        {
          "name": "ms-indexing-service-xss(28651)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
        },
        {
          "name": "oval:org.mitre.oval:def:535",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
        },
        {
          "name": "ADV-2006-3564",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3564"
        },
        {
          "name": "VU#108884",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/108884"
        },
        {
          "name": "1016826",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016826"
        },
        {
          "name": "TA06-255A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
        },
        {
          "name": "MS06-053",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
        },
        {
          "name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
        },
        {
          "name": "19927",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19927"
        },
        {
          "name": "SSRT061187",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
        },
        {
          "name": "21861",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21861"
        },
        {
          "name": "HPSBST02134",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0032",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
            },
            {
              "name": "ms-indexing-service-xss(28651)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
            },
            {
              "name": "oval:org.mitre.oval:def:535",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
            },
            {
              "name": "ADV-2006-3564",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3564"
            },
            {
              "name": "VU#108884",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/108884"
            },
            {
              "name": "1016826",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016826"
            },
            {
              "name": "TA06-255A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
            },
            {
              "name": "MS06-053",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
            },
            {
              "name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
            },
            {
              "name": "http://www.geocities.jp/ptrs_sec/advisory09e.html",
              "refsource": "MISC",
              "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
            },
            {
              "name": "19927",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19927"
            },
            {
              "name": "SSRT061187",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
            },
            {
              "name": "21861",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21861"
            },
            {
              "name": "HPSBST02134",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-0032",
    "datePublished": "2006-09-13T03:00:00.000Z",
    "dateReserved": "2005-11-30T05:00:00.000Z",
    "dateUpdated": "2024-08-07T16:18:20.646Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-388

Vulnerability from certfr_avis - Published: 2006-09-13 - Updated: 2006-09-13

None

Description

La plupart des versions de Microsoft Windows offrent un service d'indexage (Indexing Service) afin d'optimiser la recherche de fichiers à partir de certaines de leurs propriétés (noms, contenus, format, etc).

Ce service n'est pas lancé automatiquement par défaut, mais peut le devenir quand une personne choisit l'option «rendre les recherches futures plus rapides» au cours de l'une d'elles.

Le service sert aussi pour indexer le contenu des serveurs Web IIS (Internet Information Services).

Une vulnérabilité a été identifiée dans le service d'indexage. Associé à un serveur Web, il pourrait être utilisé par une personne malveillante pour une attaque de type injection de code indirecte (ou cross-site scripting). La vulnérabilité lui permettrait de modifier le contenu de certaines pages Web. Lorsqu'un utilisateur naviguerait sur le site compromis, la personne malveillante pourrait alors surveiller sa session Web, dérober des informations, ou exécuter d'autres codes sur le système de l'utilisateur.

Solution

Se référer au bulletin de sécurité MS06-053 de Microsoft pour l'application des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows XP Professionnel Édition x64 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 et Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows Server 2003 Édition x64.
Microsoft	Windows	Microsoft Windows Server 2003 pour les systèmes Itanium et Microsoft Windows Server 2003 avec SP1 pour les systèmes Itanium ;
Microsoft	Windows	Microsoft Windows Server 2003 et Microsoft Windows Server 2003 Service Pack 1 ;
Microsoft	Windows	Microsoft Windows 2000 Service Pack 4 ;

References

Title

Publication Time

GSD-2006-0032

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-0032

Aliases

CVE-2006-0032

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0032",
    "description": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.",
    "id": "GSD-2006-0032"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0032"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.",
      "id": "GSD-2006-0032",
      "modified": "2023-12-13T01:19:50.605789Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-0032",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
          },
          {
            "name": "ms-indexing-service-xss(28651)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
          },
          {
            "name": "oval:org.mitre.oval:def:535",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
          },
          {
            "name": "ADV-2006-3564",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3564"
          },
          {
            "name": "VU#108884",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/108884"
          },
          {
            "name": "1016826",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016826"
          },
          {
            "name": "TA06-255A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
          },
          {
            "name": "MS06-053",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
          },
          {
            "name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
          },
          {
            "name": "http://www.geocities.jp/ptrs_sec/advisory09e.html",
            "refsource": "MISC",
            "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
          },
          {
            "name": "19927",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19927"
          },
          {
            "name": "SSRT061187",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
          },
          {
            "name": "21861",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21861"
          },
          {
            "name": "HPSBST02134",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_itanium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_itanium:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1_beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1_beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:resource_kit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0032"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "19927",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/19927"
            },
            {
              "name": "21861",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21861"
            },
            {
              "name": "TA06-255A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
            },
            {
              "name": "VU#108884",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/108884"
            },
            {
              "name": "1016826",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016826"
            },
            {
              "name": "http://www.geocities.jp/ptrs_sec/advisory09e.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
            },
            {
              "name": "ADV-2006-3564",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/3564"
            },
            {
              "name": "ms-indexing-service-xss(28651)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
            },
            {
              "name": "oval:org.mitre.oval:def:535",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
            },
            {
              "name": "MS06-053",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
            },
            {
              "name": "20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
            },
            {
              "name": "20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
            },
            {
              "name": "SSRT061187",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-04-30T14:27Z",
      "publishedDate": "2006-09-12T23:07Z"
    }
  }
}

GHSA-J37X-HH95-R628

Vulnerability from github – Published: 2022-05-01 06:37 – Updated: 2022-05-01 06:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0032"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-12T23:07:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.",
  "id": "GHSA-j37x-hh95-r628",
  "modified": "2022-05-01T06:37:08Z",
  "published": "2022-05-01T06:37:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0032"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21861"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016826"
    },
    {
      "type": "WEB",
      "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/108884"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19927"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3564"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

JVNDB-2006-000540

Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00

Severity ?

N/A (UNKNOWN) - -

Summary

Microsoft Windows Indexing Service cross-site scripting vulnerability

Details

Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.

References

Type

URL

	JVN	http://jvn.jp/cert/JVNTA06-255A/
	JVN	http://jvn.jp/en/jp/JVN52201480/index.html
	JVNTR	http://jvn.jp/tr/TRTA06-255A
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0032
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0032
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA06-255A.html
	CERT-VN	http://www.kb.cert.org/vuls/id/108884
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA06-255A.html
	SECUNIA	http://secunia.com/advisories/21861
	BID	http://www.securityfocus.com/bid/19927
	FRSIRT	http://www.frsirt.com/english/advisories/2006/3564

Impacted products

Vendor

Product

	Microsoft Corporation	Microsoft Windows 2000
	Microsoft Corporation	Microsoft Windows Server 2003
	Microsoft Corporation	Microsoft Windows XP

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000540.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "Microsoft Windows Indexing Service contains a cross-site scripting vulnerability.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000540.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:microsoft:windows_2000",
      "@product": "Microsoft Windows 2000",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_server_2003",
      "@product": "Microsoft Windows Server 2003",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:microsoft:windows_xp",
      "@product": "Microsoft Windows XP",
      "@vendor": "Microsoft Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000540",
  "sec:references": [
    {
      "#text": "http://jvn.jp/cert/JVNTA06-255A/",
      "@id": "JVNTA06-255A",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/jp/JVN52201480/index.html",
      "@id": "JVN#52201480",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/tr/TRTA06-255A",
      "@id": "TRTA06-255A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0032",
      "@id": "CVE-2006-0032",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-0032",
      "@id": "CVE-2006-0032",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA06-255A.html",
      "@id": "SA06-255A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/108884",
      "@id": "VU#108884",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html",
      "@id": "TA06-255A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://secunia.com/advisories/21861",
      "@id": "SA21861",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/19927",
      "@id": "19927",
      "@source": "BID"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2006/3564",
      "@id": "FrSIRT/ADV-2006-3564",
      "@source": "FRSIRT"
    }
  ],
  "title": "Microsoft Windows Indexing Service cross-site scripting vulnerability"
}

FKIE_CVE-2006-0032

Vulnerability from fkie_nvd - Published: 2006-09-12 23:07 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/21861	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1016826
secure@microsoft.com	http://www.geocities.jp/ptrs_sec/advisory09e.html
secure@microsoft.com	http://www.kb.cert.org/vuls/id/108884	US Government Resource
secure@microsoft.com	http://www.securityfocus.com/archive/1/446630/100/100/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/447509/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/archive/1/447511/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/19927	Patch
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-255A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/3564
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/28651
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21861	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016826
af854a3a-2127-422b-91ae-364da2661108	http://www.geocities.jp/ptrs_sec/advisory09e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/108884	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/446630/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447509/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/447511/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19927	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-255A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3564
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/28651
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	resource_kit
microsoft	windows_2003_server	datacenter_edition
microsoft	windows_2003_server	datacenter_edition
microsoft	windows_2003_server	datacenter_edition
microsoft	windows_2003_server	datacenter_edition_itanium
microsoft	windows_2003_server	datacenter_edition_itanium
microsoft	windows_2003_server	datacenter_edition_itanium
microsoft	windows_2003_server	enterprise_64-bit
microsoft	windows_2003_server	enterprise_edition
microsoft	windows_2003_server	enterprise_edition
microsoft	windows_2003_server	enterprise_edition_itanium
microsoft	windows_2003_server	enterprise_edition_itanium
microsoft	windows_2003_server	enterprise_edition_itanium
microsoft	windows_2003_server	r2
microsoft	windows_2003_server	sp1
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard_64-bit
microsoft	windows_2003_server	web
microsoft	windows_2003_server	web
microsoft	windows_2003_server	web
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:resource_kit:*:*:*:*:*:*:*",
              "matchCriteriaId": "B78BF2C4-417B-4EF8-B77C-90305C1D2AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*",
              "matchCriteriaId": "480D8321-EB2F-4626-A16B-F3C2B771EDB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E3538DA2-B040-426D-9ADC-7C5BE9C2D4E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "54836D69-7BBE-4B91-9548-ECDF8AA02901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_itanium:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FAFE013-D614-4C4B-BD62-2C58302C5115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A2E659E8-642B-4B83-9B08-0D936576B440",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_itanium:sp1_beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "19002473-CCAC-4F14-9176-7F08C637AB77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "E6E3EB90-92C9-4B69-B58C-087D382DC579",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "24FD136F-8064-44C4-A9B0-1E793EB6FB6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_itanium:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A76783D-078D-4D68-B6DA-EE2096639881",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9ED6C754-BE0E-41CA-B674-90C43494A8AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_itanium:sp1_beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "80EB9AF9-B2D1-4B90-8BB4-E63484289CD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
              "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "4E9E190B-A109-4177-A5B5-7BD32573762E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E6DA0-09F8-4EAB-B1B2-D4D0A7771AC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "394F16B8-C29F-445A-AA47-AA82F78CFA20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
              "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*",
              "matchCriteriaId": "A2A2852D-64BE-40B1-8811-02EBDC1E044E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
              "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
              "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
              "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
              "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
              "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
              "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
              "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
              "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el Indexing Service dentro de Microsoft Windows 2000, XP, y Server 2003, cuando la opci\u00f3n Encoding est\u00e1 asiganado a Auto Select, permite a un atacante remoto inyectar secuencias de comandos web o HTML a trav\u00e9s de una URL codificada UTF-7, el cual es inyectado dentro de un mensaje de error cuyo conjunto de caracteres est\u00e1 asignado a UTF-7."
    }
  ],
  "evaluatorSolution": "Successful exploitation requires that the Indexing service is accessible through IIS.",
  "id": "CVE-2006-0032",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-12T23:07:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21861"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1016826"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/108884"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19927"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/3564"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21861"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.geocities.jp/ptrs_sec/advisory09e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/108884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/446630/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447509/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447511/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-255A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-0032 (GCVE-0-2006-0032)

CERTA-2006-AVI-388

Description

Solution

GSD-2006-0032

GHSA-J37X-HH95-R628

JVNDB-2006-000540

FKIE_CVE-2006-0032

Tags

Sightings

Nomenclature