Description
Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Eiji James Yoshida · text · remote · windows
https://www.exploit-db.com/exploits/28500
References (13)
Third Party Advisory, VDB Entry; mailing-list (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/447509/100/0/threaded
Third Party Advisory, VDB Entry; vdb-entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/28651
Third Party Advisory, VDB Entry; vdb-entry, signature (x_refsource_oval): https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A535
Third Party Advisory; vdb-entry (x_refsource_vupen): http://www.vupen.com/english/advisories/2006/3564
US Government Resource; third-party-advisory (x_refsource_cert-vn): http://www.kb.cert.org/vuls/id/108884
Third Party Advisory, VDB Entry; vdb-entry (x_refsource_sectrack): http://securitytracker.com/id?1016826
US Government Resource; third-party-advisory (x_refsource_cert): http://www.us-cert.gov/cas/techalerts/TA06-255A.html
Vendor Advisory; vendor-advisory (x_refsource_ms): https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-053
Third Party Advisory, VDB Entry; mailing-list (x_refsource_bugtraq): http://www.securityfocus.com/archive/1/447511/100/0/threaded
Various Sources (x_refsource_misc): http://www.geocities.jp/ptrs_sec/advisory09e.html
Patch; vdb-entry (x_refsource_bid): http://www.securityfocus.com/bid/19927
Third Party Advisory, VDB Entry; vendor-advisory (x_refsource_hp): http://www.securityfocus.com/archive/1/446630/100/100/threaded
Patch, Vendor Advisory; third-party-advisory (x_refsource_secunia): http://secunia.com/advisories/21861
Scores
EPSS: 0.7437 (percentile 98.9%)
Details
CWE
CWE-79
Status
published
Products (13)
microsoft/windows_2000 (5 CPE variants)
microsoft/windows_2000 resource_kit
microsoft/windows_2003_server datacenter_edition (3 CPE variants)
microsoft/windows_2003_server datacenter_edition_itanium (3 CPE variants)
microsoft/windows_2003_server enterprise_64-bit
microsoft/windows_2003_server enterprise_edition sp1 (2 CPE variants)
microsoft/windows_2003_server enterprise_edition_itanium (3 CPE variants)
microsoft/windows_2003_server r2
microsoft/windows_2003_server sp1
microsoft/windows_2003_server standard (3 CPE variants)
... and 3 more
Published
Sep 12, 2006
Tracked Since
Feb 18, 2026