Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.SMB_NT_MS06-053.NASL
HistorySep 12, 2006 - 12:00 a.m.

MS06-053: Vulnerability in Indexing Service Could Allow XSS (920685)

2006-09-1200:00:00
This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
www.tenable.com
7
JSON

The remote host is running a version of the Indexing service that fails to adequately sanitize some requests. Combined with a web server using this service, this flaw could be exploited by an attacker who would be able to cause arbitrary HTML and script code to be executed in a user’s browser within the security context of the affected site.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(22333);
 script_version("1.32");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id("CVE-2006-0032");
 script_bugtraq_id(19927);
 script_xref(name:"MSFT", value:"MS06-053");
 script_xref(name:"MSKB", value:"920685");

 script_name(english:"MS06-053: Vulnerability in Indexing Service Could Allow XSS (920685)");
 script_summary(english:"Determines if hotfix 920685 has been installed");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server is vulnerable to a cross-site scripting attack.");
 script_set_attribute(attribute:"description", value:
"The remote host is running a version of the Indexing service that fails
to adequately sanitize some requests.  Combined with a web server using
this service, this flaw could be exploited by an attacker who would be
able to cause arbitrary HTML and script code to be executed in a user's
browser within the security context of the affected site.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-053");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
 script_cwe_id(79);

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/09/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/09/12");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/09/12");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS06-053';
kb = '920685';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'1,2', win2003:'0,1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if ( hotfix_is_vulnerable(os:"5.2", sp:0, file:"Query.dll", version:"5.2.3790.552", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.2", sp:1, file:"Query.dll", version:"5.2.3790.2734", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:1, file:"Query.dll", version:"5.1.2600.1860", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.1", sp:2, file:"Query.dll", version:"5.1.2600.2935", dir:"\system32", bulletin:bulletin, kb:kb) ||
     hotfix_is_vulnerable(os:"5.0", file:"Query.dll", version:"5.0.2195.7100", dir:"\system32", bulletin:bulletin, kb:kb) )
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  set_kb_item(name: 'www/0/XSS', value: TRUE);
  hotfix_security_warning();

  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}
VendorProductVersionCPE
microsoftwindowscpe:/o:microsoft:windows

Related

cert 1
checkpoint_advisories 1
prion 1
securityvulns 1
jvn 1
cve 2
cvelist 1
cert
cert
Microsoft Indexing Services vulnerable to cross-site scripting
2006-09-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Indexing Service Cross-Site Scripting Vulnerability (MS06-053)
2006-09-14 00:00:00
prion
prion
Cross site scripting
2006-09-12 23:07:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-053 Vulnerability in Indexing Service Could Allow Cross-Site Scripting &#40;920685&#41;
2006-09-12 00:00:00
jvn
jvn
JVN#52201480 Microsoft Windows Indexing Service cross-site scripting vulnerability
2006-09-13 00:00:00
cve
cve
CVE-2006-0032
2006-09-12 23:07:00
CVE-2006-5152
2006-10-05 04:04:00
cvelist
cvelist
CVE-2006-0032
2006-09-12 23:00:00
JSON
Related for SMB_NT_MS06-053.NASL
cert1checkpoint_advisories1prion1securityvulns1jvn1cve2cvelist1