What is the severity of CVE-2006-0032?

CVE-2006-0032 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.

How do I fix CVE-2006-0032?

To mitigate CVE-2006-0032, disable the Indexing Service or configure it not to use the Auto Select encoding option.

What systems are affected by CVE-2006-0032?

CVE-2006-0032 affects Microsoft Windows 2000, XP, and Server 2003 when certain configurations are enabled.

Can CVE-2006-0032 be exploited remotely?

Yes, CVE-2006-0032 can be exploited remotely by attackers injecting malicious scripts through crafted UTF-7 encoded URLs.

What kind of attacks can CVE-2006-0032 facilitate?

CVE-2006-0032 can facilitate cross-site scripting (XSS) attacks, allowing attackers to execute arbitrary web scripts or HTML on the victim's browser.

Vulnerability/
CVE-2006-0032

medium

4.3

CWE

12/9/2006

7/8/2024

CVE-2006-0032: XSS

First published: Tue Sep 12 2006(Updated: )

Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 2003 Server	=datacenter_edition_itanium
Microsoft Windows 2003 Server	=web-sp1_beta_1
Microsoft Windows 2003 Server	=datacenter_edition-sp1_beta_1
Microsoft Windows 2003 Server	=standard
Microsoft Windows XP	=sp1
Microsoft Windows 2003 Server	=datacenter_edition_itanium-sp1_beta_1
Microsoft Windows 2003 Server	=web
Microsoft Windows 2003 Server	=enterprise_64-bit
Microsoft Windows XP	=gold
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows 2003 Server	=standard_64-bit
Microsoft Windows 2000	=sp4
Microsoft Windows XP	=sp2
Microsoft Windows XP
Microsoft Windows XP	=sp1
Microsoft Windows 2000	=sp2
Microsoft Windows 2003 Server	=standard-sp1_beta_1
Microsoft Windows 2003 Server	=r2
Microsoft Windows 2003 Server	=datacenter_edition_itanium-sp1
Microsoft Windows 2000	=resource_kit
Microsoft Windows 2003 Server	=web-sp1
Microsoft Windows 2000	=sp1
Microsoft Windows 2003 Server	=sp1
Microsoft Windows 2003 Server	=enterprise_edition_itanium-sp1
Microsoft Windows XP	=sp2
Microsoft Windows XP
Microsoft Windows 2003 Server	=enterprise_edition-sp1
Microsoft Windows 2003 Server	=standard-sp1
Microsoft Windows 2003 Server	=enterprise_edition_itanium
Microsoft Windows XP	=sp2
Microsoft Windows 2003 Server	=enterprise_edition-sp1_beta_1
Microsoft Windows 2003 Server	=datacenter_edition
Microsoft Windows 2003 Server	=datacenter_edition-sp1
Microsoft Windows 2003 Server	=enterprise_edition_itanium-sp1_beta_1
Microsoft Windows 2000	=sp3

Remedy

http://secunia.com/advisories/21861

Remedy

http://www.securityfocus.com/bid/19927

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0032?
CVE-2006-0032 is classified as a medium severity vulnerability due to its potential for cross-site scripting (XSS) attacks.
How do I fix CVE-2006-0032?
To mitigate CVE-2006-0032, disable the Indexing Service or configure it not to use the Auto Select encoding option.
What systems are affected by CVE-2006-0032?
CVE-2006-0032 affects Microsoft Windows 2000, XP, and Server 2003 when certain configurations are enabled.
Can CVE-2006-0032 be exploited remotely?
Yes, CVE-2006-0032 can be exploited remotely by attackers injecting malicious scripts through crafted UTF-7 encoded URLs.
What kind of attacks can CVE-2006-0032 facilitate?
CVE-2006-0032 can facilitate cross-site scripting (XSS) attacks, allowing attackers to execute arbitrary web scripts or HTML on the victim's browser.

collector/nvd-historical
collector/nvd-index
agent/type
agent/softwarecombine
agent/remedy
collector/mitre-cve
source/MITRE
agent/author
agent/severity
agent/references
agent/last-modified-date
agent/weakness
agent/tags
agent/first-publish-date
agent/description
agent/event
agent/source
vendor/microsoft
canonical/microsoft windows 2003 server
version/microsoft windows 2003 server/datacenter_edition_itanium
version/microsoft windows 2003 server/web-sp1_beta_1
version/microsoft windows 2003 server/datacenter_edition-sp1_beta_1
version/microsoft windows 2003 server/standard
canonical/microsoft windows xp
version/microsoft windows xp/sp1
version/microsoft windows 2003 server/datacenter_edition_itanium-sp1_beta_1
version/microsoft windows 2003 server/web
version/microsoft windows 2003 server/enterprise_64-bit
version/microsoft windows xp/gold
canonical/microsoft windows 2000
version/microsoft windows 2003 server/standard_64-bit
version/microsoft windows 2000/sp4
version/microsoft windows xp/sp2
version/microsoft windows 2000/sp2
version/microsoft windows 2003 server/standard-sp1_beta_1
version/microsoft windows 2003 server/r2
version/microsoft windows 2003 server/datacenter_edition_itanium-sp1
version/microsoft windows 2000/resource_kit
version/microsoft windows 2003 server/web-sp1
version/microsoft windows 2000/sp1
version/microsoft windows 2003 server/sp1
version/microsoft windows 2003 server/enterprise_edition_itanium-sp1
version/microsoft windows 2003 server/enterprise_edition-sp1
version/microsoft windows 2003 server/standard-sp1
version/microsoft windows 2003 server/enterprise_edition_itanium
version/microsoft windows 2003 server/enterprise_edition-sp1_beta_1
version/microsoft windows 2003 server/datacenter_edition
version/microsoft windows 2003 server/datacenter_edition-sp1
version/microsoft windows 2003 server/enterprise_edition_itanium-sp1_beta_1
version/microsoft windows 2000/sp3

CVE-2006-0032: XSS

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2006-0032?

How do I fix CVE-2006-0032?

What systems are affected by CVE-2006-0032?

Can CVE-2006-0032 be exploited remotely?

What kind of attacks can CVE-2006-0032 facilitate?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2006-0032?

How do I fix CVE-2006-0032?

What systems are affected by CVE-2006-0032?

Can CVE-2006-0032 be exploited remotely?

What kind of attacks can CVE-2006-0032 facilitate?