Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 2000 |
||
microsoft windows 2000 resource kit |
||
microsoft windows 2003 server datacenter edition |
||
microsoft windows 2003 server datacenter edition itanium |
||
microsoft windows 2003 server enterprise 64-bit |
||
microsoft windows 2003 server enterprise edition |
||
microsoft windows 2003 server enterprise edition itanium |
||
microsoft windows 2003 server r2 |
||
microsoft windows 2003 server sp1 |
||
microsoft windows 2003 server standard |
||
microsoft windows 2003 server standard 64-bit |
||
microsoft windows 2003 server web |
||
microsoft windows xp |