=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN496
_____________________________________________________________________

DATE                      : 13/09/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx

----------------------------------------------------------------------

MS06-053 - Vulnerability in Indexing Service Could Allow Cross-Site Scripting
            (920685)

Affected Software:
         - Microsoft Windows 2000 Service Pack 4
         - Microsoft Windows XP Service Pack 1
         - Microsoft Windows XP Service Pack 2
         - Microsoft Windows XP Professional x64 Edition
         - Microsoft Windows Server 2003 for Itanium-based Systems
         - Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
         - Microsoft Windows Server 2003 x64 Edition

Full MS06-053 advisory:
         - http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx

Vulnerability Details

Microsoft Indexing Service Vulnerability - CVE-2006-0032:

        There is an information disclosure vulnerability in Indexing Service
        because of the way it handles query validation.  The vulnerability could
        allow an attacker to run client-side script on behalf of a user.  The
        script could spoof content, disclose information, or take any action that
        the user could take on the affected Web site.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================


