CVE-2006-0032

Microsoft Windows - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Eiji James Yoshida · text · remote · windows
https://www.exploit-db.com/exploits/28500

Scores

EPSS 0.7437
EPSS Percentile 98.8%

Classification

CWE
CWE-79
Status draft

Affected Products (36)

microsoft/windows_2000
microsoft/windows_2000
microsoft/windows_2000
microsoft/windows_2000
microsoft/windows_2000
microsoft/windows_2000
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
microsoft/windows_2003_server
... and 21 more

Timeline

Published Sep 12, 2006
Tracked Since Feb 18, 2026