漏洞类别:Web server漏洞等级: 
漏洞信息
Microsoft Index Server is a search engine that is integrated with Microsoft IIS (Internet Information Server) and Windows NT. It allows users to perform full-text searches of online sites using their browsers.
Index Server Versions 4.0 and 5.0 contain a vulnerability that could allow a malicious user to view any known file on a Web server by requesting a path containing double-dot (../) directives.
Note: This vulnerability only affects files that reside on the Web server itself, and only on the same logical drive as the server's root directory. Files residing on a remote server at a Web site (for example, files on a remote database server) are not at risk from this vulnerability.
Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s):
February Security Updates are Available (KB911564)
漏洞危害
By exploiting this vulnerability, unauthorized users can read any file on the hard drive holding the Web server documents. This vulnerability cannot be used to execute commands from a remote system.
解决方案
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS00-006: Index Server 2.0 (Intel )
0day
文章评论