CVE-2006-0032

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Published: Sep 13, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-0032
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
microsoft / windows_2003_server	datacenter_edition_itanium	datacenter_edition_itanium.x
microsoft / windows_2003_server	web-sp1_beta_1	web-sp1_beta_1.x
microsoft / windows_2003_server	datacenter_edition-sp1_beta_1	datacenter_edition-sp1_beta_1.x
microsoft / windows_2003_server	standard	standard.x
microsoft / windows_xp	-	-
microsoft / windows_2003_server	datacenter_edition_itanium-sp1_beta_1	datacenter_edition_itanium-sp1_beta_1.x
microsoft / windows_2003_server	web	web.x
microsoft / windows_2003_server	enterprise_64-bit	enterprise_64-bit.x
microsoft / windows_2000	-	-
microsoft / windows_2003_server	standard_64-bit	standard_64-bit.x
microsoft / windows_2003_server	standard-sp1_beta_1	standard-sp1_beta_1.x
microsoft / windows_2003_server	r2	r2.x
microsoft / windows_2003_server	datacenter_edition_itanium-sp1	datacenter_edition_itanium-sp1.x
microsoft / windows_2000	resource_kit	resource_kit.x
microsoft / windows_2003_server	web-sp1	web-sp1.x
microsoft / windows_2003_server	sp1	sp1.x
microsoft / windows_2003_server	enterprise_edition_itanium-sp1	enterprise_edition_itanium-sp1.x
microsoft / windows_2003_server	enterprise_edition-sp1	enterprise_edition-sp1.x
microsoft / windows_2003_server	standard-sp1	standard-sp1.x
microsoft / windows_2003_server	enterprise_edition_itanium	enterprise_edition_itanium.x
microsoft / windows_2003_server	enterprise_edition-sp1_beta_1	enterprise_edition-sp1_beta_1.x
microsoft / windows_2003_server	datacenter_edition	datacenter_edition.x
microsoft / windows_2003_server	datacenter_edition-sp1	datacenter_edition-sp1.x
microsoft / windows_2003_server	enterprise_edition_itanium-sp1_beta_1	enterprise_edition_itanium-sp1_beta_1.x

Vulnerability Database

290,020

CVE-2006-0032