PT-2006-1123 · Microsoft · Indexing Services

Eiji James Yoshida · Published 2006-09-12 · Updated 2019-04-30 · CVE-2006-0032

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000, XP, and Server 2003
Description: A cross-site scripting issue exists in the Indexing Service in Microsoft Windows. When the Encoding option is set to Auto Select, remote attackers can inject arbitrary web script or HTML via a UTF-7 encoded URL. The encoded URL is then injected into an error message whose charset is set to UTF-7.
Recommendations: For Microsoft Windows 2000, XP, and Server 2003, consider disabling the Indexing Service or setting the Encoding option to a value other than Auto Select to mitigate the risk of exploitation. Restrict access to the Indexing Service to minimize the risk of remote attackers injecting arbitrary web script or HTML.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2006-0032

Affected Products

Indexing Services
Windows