VYPR

Indexing Service

by Microsoft

CVEs (5)

  • CVE-2001-0500Jul 21, 2001
    risk 0.11cvss epss 0.97

    Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as…

  • CVE-2000-0942Dec 19, 2000
    risk 0.05cvss epss 0.21

    The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

  • CVE-2000-1105Jan 9, 2001
    risk 0.04cvss epss 0.10

    The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.

  • CVE-2009-2507Oct 14, 2009
    risk 0.02cvss epss 0.19

    A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and…

  • CVE-2001-0245Jun 27, 2001
    risk 0.01cvss epss 0.14

    Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.