Alnini.comUtilities » Security & Encryption » Windows 2000 Indexing Service File Enumeration Vulnerability Patch
  

Windows 2000 Indexing Service File Enumeration Vulnerability Patch (MS00-098)


This patch eliminates a security vulnerability in a component that ships as part of Microsoft Windows 2000. The vulnerability could allow a malicious Web site operator to learn the names and properties of files and folders on the machine of a visiting user.

An ActiveX control that ships as part of Indexing Service is incorrectly marked as 'safe for scripting', thereby enabling it to be executed by Web site applications. The control at issue here could be used to enumerate files and folders and to view their properties. It would not be necessary for Indexing Service to be running in order for the vulnerability to be exploited; however, if it were running, the control also could be used to search for files containing specific words. The vulnerability could not be used to read files, except via a fairly unlikely scenario discussed in detail in the FAQ. It could not be used under any conditions to change, add, or delete information on the user's computer.

A patch has been provided for Indexing Service 3.0, but not for Index Server 2.0. This is primarily due to the different delivery vehicles for the two versions. Indexing Service 3.0 ships as part of all versions of Windows 2000; thus, the vulnerability could affect all Windows 2000 users. In contrast, Index Server 2.0 ships as part of the Windows NT 4.0 Option Pack; thus, to be affected by the vulnerability in Index Server 2.0, a Webmaster would need to browse untrustworthy Internet sites from a Web server, which is contrary to normal recommended practices.

Publisher:

File size:

207KB

Date added:

21/12/2000

Licence:

Free

Requirements:

Windows 2000

Un/Install:

No

Downloads:

1,453

Download Now!

See Also

Folder Lock 4.375

Lock, hide, and password-protect personal files, folders, and pictures from other users of your PC.

Primedius Firewall Lite 1.62

Prevent intrusions into your PC by hackers, spyware, and adware.

Real Spy Monitor 2.07

Monitor all keystrokes, programs used, and Web sites visited on a PC.

Partners
• 

RSS | FAQ |

Links | Maestro

Copyright © 2004-2023 Alnini, Inc. All Rights Reserved. Privacy Policy | Terms of UseGeneration time: 0.02 | SQL queries: 8