Used Microsoft Windows NT 4.0 Patch: Malformed Hit-highlighting for Windows? Share your experience and help other users.
Developer’s Description
When you conduct a search using Indexing Server 2.0, the hit-highlighting function provides search results that highlight portions of documents that satisfy your search query. This vulnerability exists because Indexing Server 2.0 doesn't set the correct parameters for hit-highlighting search requests. If a malicious user provides a specific type of malformed request, it retrieves files on the server, regardless of the permissions that have been set by the administrator.
By design, the hit-highlighting feature allows the user to specify the name of the document to be hit-highlighted. The user should only be able to request documents within the server's virtual directories; however, if a specific type of malformed argument is provided, it can be used to request a file by its physical location on the drive.
For more information about this vulnerability, read Microsoft Security Bulletin MS01-025.
Used Microsoft Windows NT 4.0 Patch: Malformed Hit-highlighting for Windows? Share your experience and help other users.
Explore More
SanDisk SSD Dashboard
FreeLinksys e1200N300 wireless Router Firmware
FreeRoomstyler 3D Room Planning Tool
FreeTotal Copier
FreeSuDuKu Solver
FreeSpeakSMS
Paidclj3000prnsyswin-en.exe
FreeRegistry Easy
Trial versionMicrosoft SideWinder Strategic Commander HID Drivers
FreeMicrosoft(R) PCI Adapter MN-130
FreeAMD Clean Uninstall Utility
FreeUserBenchmark
Free