| VID |
22166 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Indexing Service in the IIS server contains a cross-site scripting vulnerability that is triggered by a malformed .htw request. It allows a remote attacker to execute script code on the client's machine, using the Indexing Service of the IIS server as the delivery mechanism.
The Indexing Service is a search engine that is integrated with Internet Information Server and Windows 2000. It allows users to perform full-text searches of online sites using their browsers. Unlike many other search engines, the Indexing Service can search Word, Excel and PowerPoint documents as well as HTML documents. In Windows 2000, the Indexing Service is installed by default, but the service is not started unless the administrator explicitly starts it.
Typically, this service searches for the word or phrase submitted by the user, then generates a web page and sends it to the client's browser, which parses and displays it. If the page contains text beginning with "<SCRIPT>" and ending with "</SCRIPT>", the browser executes it as program code. If a remote attacker can entice the client into visiting a malicious site and clicking a hyperlink, the attacker can use this vulnerability to run malicious script code on the client's system by way of the vulnerable IIS server. For example, the following URL can be used to check whether the Indexing Service is enabled and vulnerable:
http://target_server/null.htw?CiWebHitsFile=/default.htm&CiRestriction="<SCRIPT>alert(document.domain)</SCRIPT>"
On a vulnerable server, the browser displays a dialog box showing "domainname".
* Platforms Affected: Microsoft IIS 5.0
* References: http://online.securityfocus.com/bid/1861 http://www.iss.net/security_center/static/5441.php |
| Recommendation |
Apply patch Q278499 for this vulnerability from the Microsoft Web site: http://www.microsoft.com/windows2000/downloads/critical/q278499/default.asp
1. Select your language from the drop-down list and click <Go>. 2. Click Security Update. 3. Download this patch and run it. |
| Related URL |
CVE-2000-0942 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
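For log review, the check below is an added example (not part of the original entry or of any scanner's code) that looks for the request pattern described above: a `.htw` request whose `CiRestriction` parameter carries HTML markup. It assumes W3C extended log format with a `#Fields:` directive; the sample log lines and client addresses are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed W3C extended log sample (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2000-11-02 10:01:07 192.0.2.10 GET /default.htm - 200
2000-11-02 10:01:09 192.0.2.11 GET /null.htw CiWebHitsFile=/default.htm&CiRestriction=%22%3CSCRIPT%3Ealert(document.domain)%3C/SCRIPT%3E%22 200
2000-11-02 10:02:30 192.0.2.12 GET /search/hits.htw CiWebHitsFile=/default.htm&CiRestriction=annual+report 200
2000-11-02 10:03:44 192.0.2.13 GET /null.htw CiWebHitsFile=/default.htm&cirestriction=%253Cscript%253Ex%253C/script%253E 200
"""

MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.IGNORECASE)  # start of an HTML tag

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253C and %3C both become '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_htw_markup(log_text):
    """Return (c-ip, stem, decoded CiRestriction) for .htw hits whose CiRestriction carries markup."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(".htw"):
            continue
        query = row.get("cs-uri-query", "-")
        # parse_qsl percent-decodes once; parameter names are matched case-insensitively
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == "cirestriction":
                value = fully_decode(value)
                if MARKUP.search(value):
                    hits.append((row.get("c-ip"), row["cs-uri-stem"], value))
    return hits

if __name__ == "__main__":
    for ip, stem, value in find_htw_markup(SAMPLE_LOG):
        print(f"{ip} {stem} CiRestriction={value!r}")
```

Ordinary searches such as `annual report` are not flagged; only values that decode to the start of an HTML tag are reported.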