Vulnerability Bulletins |
Cross-Site Scripting en Indexing Service en Microsoft Windows |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Oficial |
Impact | Integridad |
Dificulty | Avanzado |
Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
Property | Value |
Affected manufacturer | Microsoft |
Affected software |
Microsoft Windows 2000 <= SP4 Microsoft Windows XP <= SP2 Microsoft Windows XP Professional x64 Microsoft Windows Server 2003 <= SP1 Microsoft Windows Server 2003 <= SP1 Itanium Microsoft Windows Server 2003 x64 |
Description |
|
Se ha descubierto una vulnerabilidad de tipo Cross-Site Scripting en el servicio Indexing Service en Microsoft Windows 2000, XP, y Server 2003. La vulnerabilidad reside en un error en la forma en que Indexing Service maneja la validación de peticiones. Un atacante remoto podría inyectar código Web script o HTML arbitrario mediante vectores no especificados pero relacionados con Internet Information Services (IIS). |
|
Solution |
|
Actualización de software Microsoft Microsoft Windows 2000 Service Pack 4 http://www.microsoft.com/downloads/details.aspx?FamilyId=778294ae-c5e3-4f17-b0e4-308e46e00105 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Service Pack 2 http://www.microsoft.com/downloads/details.aspx?FamilyId=2731c0bf-6034-4c16-bb57-66e70a31a3d6 Microsoft Windows XP Professional x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=3f604b2a-1383-4a45-b25b-c468deefbfc1 Microsoft Windows Server 2003 Microsoft Windows Server 2003 SP1 http://www.microsoft.com/downloads/details.aspx?FamilyId=0182e8e7-9755-46cc-a393-c1e95fd508b2 Microsoft Windows Server 2003 Itanium Microsoft Windows Server 2003 SP1 Itanium http://www.microsoft.com/downloads/details.aspx?FamilyId=e3e4a66c-ca9d-453b-8875-fb57528117ac Microsoft Windows Server 2003 x64 http://www.microsoft.com/downloads/details.aspx?FamilyId=acf35f34-0d26-4b79-b81f-1111a784a66d |
|
Standar resources |
|
Property | Value |
CVE | CVE-2006-0032 |
BID | 19927 |
Other resources |
|
Microsoft Security Bulletin (MS06-053) http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx |
Version history |
||
Version | Comments | Date |
1.0 | Aviso emitido | 2006-09-13 |