← Back

CVE-2006-0032

nvd nist
Published: Sep 12, 2006Modified: Apr 16, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Affected (36)

Microsoft
3 products
Windows 2000
Windows 2003 Server
Windows Xp
Configuration A
36 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows 2000
All versions
Windows 2000
All versions
Windows 2000
All versions
Windows 2000
All versions
Windows 2000
All versions
Windows 2000
Version resource_kit
Microsoft
Windows 2003 Server
Version datacenter_edition
Windows 2003 Server
Version datacenter_edition sp1
Windows 2003 Server
Version datacenter_edition sp1_beta_1
Windows 2003 Server
Version datacenter_edition_itanium
Windows 2003 Server
Version datacenter_edition_itanium sp1
Windows 2003 Server
Version datacenter_edition_itanium sp1_beta_1
Windows 2003 Server
Version enterprise_64-bit
Windows 2003 Server
Version enterprise_edition sp1
Windows 2003 Server
Version enterprise_edition sp1_beta_1
Windows 2003 Server
Version enterprise_edition_itanium
Windows 2003 Server
Version enterprise_edition_itanium sp1
Windows 2003 Server
Version enterprise_edition_itanium sp1_beta_1
Windows 2003 Server
Version r2
Windows 2003 Server
Version sp1
Windows 2003 Server
Version standard
Windows 2003 Server
Version standard sp1
Windows 2003 Server
Version standard sp1_beta_1
Windows 2003 Server
Version standard_64-bit
Windows 2003 Server
Version web
Windows 2003 Server
Version web sp1
Windows 2003 Server
Version web sp1_beta_1
Microsoft
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions
Windows Xp
All versions

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (26)

Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Patch
Source: secure@microsoft.com
US Government Resource
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.