Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft Windows Search脚本注入漏洞
Vulnerability Description
Windows Search允许即时搜索大多数公共文件和数据类型,例如电子邮件、联系人、日历约会、文档、照片、多媒体和由第三方扩展的其他格式 。 Windows Search通过嵌入式的浏览器向用户预览搜索结果。为了支持非HTML/XML文件,Windows Search会将这类文件转换为HTML,但转换器在转义字符的时候没有执行任何过滤便将文件加载到了内嵌的浏览器中。根据嵌入式浏览器的安全设置,上述本地HTML文件无需用户同意便拥有部分JavaScript执行权限 。尽管由于安全限制无法自动初始化XML
CVSS Information
N/A
Vulnerability Type
N/A