RULE(RULE ID:311046)

Rule General Information
Release Date: 2016-11-10
Rule Name: Microsoft Indexing Services .htw Cross-site Scripting Vulnerability (CVE-2000-0942)
Rule Protection Details
Description: The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
Impact: An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed.
Affected OS: Windows
Reference: MicrosoftSecurityBulletin:MS00-084
Microsoft has released a patch MS00-084 to eliminate the vulnerability. The patch can be downloaded at