Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote malicious users to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 2003 server datacenter_edition |
||
microsoft windows 2003 server enterprise_edition_itanium |
||
microsoft windows 2003 server standard_64-bit |
||
microsoft windows 2003 server web |
||
microsoft windows xp |
||
microsoft windows 2000 |
||
microsoft windows 2003 server datacenter_edition_itanium |
||
microsoft windows 2003 server r2 |
||
microsoft windows 2003 server enterprise_64-bit |
||
microsoft windows 2003 server sp1 |
||
microsoft windows 2003 server standard |
||
microsoft windows 2000 resource_kit |
||
microsoft windows 2003 server enterprise_edition |