ActiveX Object Vulnerability in Windows 2000 Indexing Services
CVE-2000-1105

Currently unrated

Key Information:

Vendor: Microsoft
Status: Indexing Service
Vendor: CVE Published:; 9 January 2001

Summary

The ixsso.query ActiveX Object in Windows 2000 is improperly marked as safe for scripting, allowing attackers to create malicious websites that can remotely probe the file system of users with Indexing Services enabled. This oversight can lead to unauthorized information disclosure by permitting the detection of files present on the user’s system.

References

http://www.securityfocus.com/bid/1933

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/144270

mailing-listx_refsource_BUGTRAQ

http://archives.neohapsis.com/archives/win2ksecadvice/200...

mailing-listx_refsource_WIN2KSEC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 9, 2001
Vulnerability Reserved
Dec 14, 2000