CVE-2009-0239

2009-06-1018:00:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.173

Percentile

96.2%

JSON

Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka “Script Execution in Windows Search Vulnerability.”

Affected configurations

Nvd

Node

microsoftwindows_server_2003sp2

microsoftwindows_xpsp2

microsoftwindows_xpsp2professional_x64

microsoftwindows_xpsp3

AND

microsoftwindows_searchMatch4.0

VendorProductVersionCPE
microsoftwindows_server_2003*cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*
microsoftwindows_xp*cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
microsoftwindows_search4.0cpe:2.3:a:microsoft:windows_search:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_server_2003	*	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp2:professional_x64:::::
microsoft	windows_xp	*	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
microsoft	windows_search	4.0	cpe:2.3:a:microsoft:windows_search:4.0:::::::*