Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
Indexing Services Cross Site Scripting Vulnerability
A security vulnerability exists in Microsoft® Indexing Services for Windows 2000 which could allow a malicious web site operator to misuse another web site as a means of attacking users.
Issue
This vulnerability, known as Cross-Site Scripting (CSS), results when web applications don’t properly validate inputs before using them in dynamic web pages. If a malicious web site operator were able to lure a user to his site, and had identified a third-party web site that was vulnerable to CSS, he could potentially use the vulnerability to “inject” script into a web page created by the other web site, which would then be delivered to the user. The net effect would be to cause the malicious user’s script to run on the user’s machine using the trust afforded the other site.
The vulnerability can affect any software that runs on a web server, accepts user input, and uses it to generate web pages without sufficient validation. Microsoft has identified an Indexing Service component (CiWebHitsFile) that, when called from a specially crafted URL, is vulnerable to this scenario.
Affected Products
- Microsoft Indexing Services for Windows 2000
Download
Patch: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=25517
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: November 2, 2000
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
