CVE-2000-1104
Description
Variant of the "IIS Cross-Site Scripting" vulnerability as originally discussed in MS:MS00-060 (CVE-2000-0746) allows a malicious web site operator to embed scripts in a link to a trusted site, which are returned without quoting in an error message back to the client. The client then executes those scripts in the same context as the trusted site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A variant of the IIS cross-site scripting vulnerability allows script injection via error messages, affecting IIS 4.0 and 5.0.
Vulnerability
A variant of the cross-site scripting vulnerability originally discussed in Microsoft Security Bulletin MS00-060 (CVE-2000-0746) affects Microsoft Internet Information Server (IIS) versions 4.0 and 5.0. The vulnerability occurs when a malicious web site operator embeds scripts in a link to a trusted site, and the server returns the unquoted script in an error message, which then executes in the client's browser within the trusted site's context [1].
Exploitation
An attacker needs to lure a user to click on a specially crafted link that points to a trusted IIS web server. The server processes the request and generates an error message containing the malicious script without proper quoting, causing the browser to execute the script in the security context of the trusted site. No authentication or special privileges are required beyond the ability to craft a link and convince a user to click it [1].
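The reflection described above, and the output quoting that closes it, as an added example (not code from IIS, from Microsoft's patch, or from this page): a constructed error-page renderer that echoes the requested path, shown unquoted and HTML-encoded, with a regression check. The template, function names and sample paths are assumptions made for illustration.

```python
import html

# Constructed error template; not the text of any real IIS error page.
ERROR_TEMPLATE = (
    "<html><head><title>Error</title></head>"
    "<body><h1>The page cannot be found</h1>"
    "<p>Requested URL: {url}</p></body></html>"
)

# Constructed sample paths. The marker is inert; it only shows whether
# markup from the request survives into the response unencoded.
SAMPLE_PATHS = [
    "/missing<script>/*xss-marker*/</script>.htm",
    '/doc"name.htm',
    "/plain.htm",
]


def render_error_unquoted(requested_path: str) -> str:
    """Flawed pattern: request data is copied into the error page verbatim."""
    return ERROR_TEMPLATE.format(url=requested_path)


def render_error_quoted(requested_path: str) -> str:
    """Hardened pattern: HTML-encode request data before it reaches the page."""
    return ERROR_TEMPLATE.format(url=html.escape(requested_path, quote=True))


def reflects_unencoded(page: str, requested_path: str) -> bool:
    """True if a path containing HTML metacharacters appears verbatim in page."""
    needs_encoding = html.escape(requested_path, quote=True) != requested_path
    return needs_encoding and requested_path in page


def audit(render, paths=SAMPLE_PATHS):
    """Return the sample paths that a renderer reflects without encoding."""
    return [p for p in paths if reflects_unencoded(render(p), p)]


if __name__ == "__main__":
    print("unquoted renderer reflects:", audit(render_error_unquoted))
    print("quoted renderer reflects:  ", audit(render_error_quoted))
```

The same `audit` check can be pointed at any error handler that takes the request path, which makes it usable as a regression test after patching.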
Impact
Successful exploitation allows the attacker to execute arbitrary scripts in the user's browser within the security context of the trusted web site. This can lead to disclosure of sensitive data, session hijacking, or other malicious actions that the trusted site's scripts could perform. The impact is the same as the original cross-site scripting vulnerability [1].
Mitigation
Microsoft released an updated patch in November 2000 that eliminates all known variants of the vulnerability, including CVE-2000-1104. Customers who applied the original version of the patch should apply the new version to ensure full protection. The affected software includes IIS 4.0 and IIS 5.0. No workaround is documented; applying the patch is the recommended mitigation [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
References