Hillstone Networks

RULE（RULE ID：311046）

Rule General Information


Release Date:		2016-11-10

Rule Name:		Microsoft Indexing Services .htw Cross-site Scripting Vulnerability (CVE-2000-0942)

Severity:

CVE ID:

Rule Protection Details


Description:		The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

Impact:		An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.

Affected OS:		Windows

Reference:		MicrosoftSecurityBulletin:MS00-084 SecurityFocusBID:1861

Solutions

Microsoft has released a patch MS00-084 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/bulletin/MS00-084.asp