Microsoft Windows 2000 Patch: Malformed Hit-highlighting

Software Screenshot:
Microsoft Windows 2000 Patch: Malformed Hit-highlighting
Software Details:
Version: Update
Upload Date: 6 Dec 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 9
Size: 159 Kb
Download

Rating: 5.0/5 (Total Votes: 1)

This update addresses the "Malformed Hit-Highlighting" security vulnerability in Windows 2000 computers running Indexing Service, and is discussed in Microsoft Security Bulletin MS01-025. Download now to prevent a malicious user from reading files on your Web server.

When you conduct a search using Indexing Serice, the hit-highlighting function provides search results that highlight portions of documents that satisfy your search query. This vulnerability exists because Indexing Service doesn't set the correct parameters for hit-highlighting search requests. If a malicious user provides a specific type of malformed request, it retrieves files on the server, regardless of the permissions that have been set by the administrator.

By design, the hit-highlighting feature allows the user to specify the name of the document to be hit-highlighted. The user should only be able to request documents within the server's virtual directories; however, if a specific type of malformed argument is provided, it can be used to request a file by its physical location on the drive.

Requirements:

  • Windows NT 4 SP 6
  • Windows 2003 SP 1
  • Windows XP AMD 64-bit
  • Windows XP 64-bit SP 1
  • Windows NT 4 SP 2
  • Windows 2000 SP 1
  • Windows 2003 64-bit
  • Windows 2003 AMD 64-bit
  • Windows XP 64-bit SP 2
  • Windows NT 4 SP 3
  • Windows 2000 SP 2
  • Windows Server 2003 x64 R2
  • Windows 2000
  • Windows 2003 64-bit SP 1
  • Windows Vista AMD 64-bit
  • Windows XP Itanium 64-bit
  • Windows NT 4 SP 4
  • Windows 2000 SP 3
  • Windows NT 4
  • Windows XP 32-bit
  • Windows XP SP 1
  • Windows Server 2003 x86 R2
  • Windows ME
  • Windows 2003 Itanium 64-bit
  • Windows NT 4 SP 5
  • Windows 2000 SP 4
  • Windows Vista 32-bit
  • Windows XP 64-bit
  • Windows NT 4 SP 1
  • Windows Server 2008 x64
  • Windows NT 3
  • Windows Server 2008 x86
  • Windows XP
  • Windows Server 2008
  • Windows 2003
  • Windows Vista Itanium 64-bit
  • Windows XP Itanium 64-bit SP 1
  • Windows 2003 32-bit
  • Windows XP Itanium 64-bit SP 2
  • Windows XP SP 2
  • Windows 95
  • Windows 98
  • Windows Vista
  • Windows NT
  • Windows 2003 Itanium 64-bit SP 1
  • Windows XP Pro

    • 6 Dec 15 in System Utilities, Operating Systems & Updates

    Supported Operation Systems

    Similar Software

    Sugar on a Stick
    Sugar on a Stick

    10 Jul 15

    Windroye
    Windroye

    4 Mar 16

    Exchange 2000 CDO Patch 5770.16
    Exchange 2000 CDO Patch 5770.16

    21 Sep 15

    PS4 System Software Update
    PS4 System Software Update

    28 Sep 17

    Other Software of Developer Microsoft

    FrontPage Web Template for the Sales Site
    FrontPage Web Template for the Sales Site

    21 Sep 15

    Microsoft Security Compliance Manager
    Microsoft Security Compliance Manager

    3 May 15

    Changing Seasons Theme
    Changing Seasons Theme

    25 Aug 17

    FrontPage 2002 Server Extensions Security Patch: KB813380
    FrontPage 2002 Server Extensions Security Patch: KB813380

    21 Sep 15

    Comments to Microsoft Windows 2000 Patch: Malformed Hit-highlighting

    Comments not found
    Add Comment
    Turn on images!
    Search by Category
    Popular software