CVE-2006-0032 Information

Feb 14, 2021 cve

Description

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000 XP and Server 2003 when the Encoding option is set to Auto Select allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL which is injected into an error message whose charset is set to UTF-7.

Reference

http://secunia.com/advisories/21861 http://securitytracker.com/id?1016826 http://www.geocities.jp/ptrs_sec/advisory09e.html http://www.kb.cert.org/vuls/id/108884 http://www.securityfocus.com/archive/1/446630/100/100/threaded http://www.securityfocus.com/archive/1/447509/100/0/threaded http://www.securityfocus.com/archive/1/447511/100/0/threaded http://www.securityfocus.com/bid/19927 http://www.us-cert.gov/cas/techalerts/TA06-255A.html http://www.vupen.com/english/advisories/2006/3564 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053 https://exchange.xforce.ibmcloud.com/vulnerabilities/28651 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A535

Share on: