Title: Microsoft Windows Indexing Service Buffer Overflow Vulnerability
Severity: CRITICAL
Description:
Microsoft Indexing Service, formerly known as Index Server, is used to manage, query, and index information in file systems or Web servers. It creates indexed catalogs for the contents and properties of file systems and Web servers and provides query mechanisms to access the information in the catalogs. Indexing Service is not enabled by default on the affected computers.
Microsoft Indexing Service is reported to be prone to a buffer overflow vulnerability. This issue results from insufficient boundary checks performed by the application when copying user-supplied data into sensitive process buffers. A remote or local attacker may execute arbitrary code on a vulnerable computer, which could ultimately allow the attacker to gain unauthorized access to the computer.
This issue can be exploited by sending a malformed query to the Indexing Service. This query may contain large amounts of string data combined with replacement memory addresses and arbitrary code designed to hijack process execution. If successful, this would lead to a superuser compromise.
It is reported that the issue may be exploited both locally and remotely if Indexing Service is enabled on a vulnerable computer. A remote attack vector arises if Microsoft IIS is enabled as a Web-based interface for the Indexing Service. Web-based query pages must also be present and accessible to remote users. If authentication credentials are not required to access the Web-based query pages, anonymous attackers can exploit this issue. The Indexing Service can be accessed over UDP ports 137 and 138 and TCP ports 139 and 445.
The local attack vector also presents itself if Indexing Service is enabled on a vulnerable computer. It is reported that Indexing Service listens on the local network interface by default and can allow local attackers to send specially crafted requests. This can lead to local privilege escalation.
Affected Products:
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Terminal Services SP3
- Microsoft Windows 2000 Terminal Services SP4
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional SP1
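The exposure conditions in the description and the product list above can be applied to a host inventory to decide what to fix first. The following is an added example, not part of the original advisory: the `Host` record, its field names and the sample hosts are constructed, and it assumes that a host with the MS05-003 update installed is no longer exposed.

```python
from dataclasses import dataclass

# Service-pack levels per product family, from the Affected Products list
# (0 means no service pack).
AFFECTED = {"Windows 2000": {3, 4}, "Windows XP": {0, 1},
            "Windows Server 2003": {0}}
# Most urgent first: the order in which hosts should be handled.
RANK = ["remote-anonymous", "remote-authenticated", "local",
        "not-exposed", "patched", "not-affected"]

@dataclass
class Host:  # hypothetical inventory record; all field names are assumptions
    name: str
    family: str
    sp: int
    indexing_enabled: bool = False  # the service is off by default
    iis_enabled: bool = False
    query_pages: bool = False       # Web query pages reachable by remote users
    pages_need_auth: bool = True
    ms05_003: bool = False          # update from the referenced bulletin applied

def exposure(h: Host) -> str:
    """Classify one host using the conditions stated in the advisory."""
    if h.sp not in AFFECTED.get(h.family, set()):
        return "not-affected"
    if h.ms05_003:
        return "patched"
    if not h.indexing_enabled:
        return "not-exposed"  # every vector requires the service to be enabled
    if h.iis_enabled and h.query_pages:
        return "remote-authenticated" if h.pages_need_auth else "remote-anonymous"
    return "local"  # service enabled, but no Web-based query interface

def triage(hosts):
    """Return (name, exposure) pairs, most urgent first."""
    rows = [(h.name, exposure(h)) for h in hosts]
    return sorted(rows, key=lambda r: RANK.index(r[1]))

# Constructed sample inventory.
SAMPLE = [
    Host("ws-01", "Windows XP", 1),
    Host("web-01", "Windows 2000", 4, True, True, True, False),
    Host("web-02", "Windows Server 2003", 0, True, True, True, True),
    Host("file-01", "Windows 2000", 3, True),
    Host("ws-02", "Windows XP", 2, True),
    Host("web-03", "Windows 2000", 4, True, True, True, False, True),
]

if __name__ == "__main__":
    for name, level in triage(SAMPLE):
        print(f"{name:8} {level}")
```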
References:
- Microsoft: Microsoft Security Bulletin MS05-003