Key Details of Microsoft Windows NT 4.0 Patch: Malformed Hit-highlighting
- Windows NT update
- Last updated on
- There have been 8 updates
- Virus scan status:
Clean (it's extremely likely that this software program is clean)
Developer's Description
When you conduct a search using Indexing Server 2.0, the hit-highlighting function provides search results that highlight portions of documents that satisfy your search query. This vulnerability exists because Indexing Server 2.0 doesn't set the correct parameters for hit-highlighting search requests. If a malicious user provides a specific type of malformed request, it retrieves files on the server, regardless of the permissions that have been set by the administrator.
By design, the hit-highlighting feature allows the user to specify the name of the document to be hit-highlighted. The user should only be able to request documents within the server's virtual directories; however, if a specific type of malformed argument is provided, it can be used to request a file by its physical location on the drive.
For more information about this vulnerability, read Microsoft Security Bulletin MS01-025.
Explore More
Portable Start Menu
FreeC1320D_05FALL_MODEM-HDA_AGERE_V2.1.54.2_XP.EXE
FreeSystem Utilities:Softex PCCard Controller Version A09
Freeob6kaud1.exe
Free7509188.exe
FreeAgere Systems AC'97 Modem
FreeAnalog Clock
Paidljp3005prnsyswin-pt.exe
FreeOracle Object Search
Trial versionR-Studio Agent Portable
FreeS4572_MODEM_WIN98SE.exe
FreeS4546_Modem_Win2K.exe
Free