CVE-2000-1105 : The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a scr

The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.

Published 2001-01-09 05:00:00

Updated 2008-09-05 20:22:40

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2000-1105

Probability of exploitation activity in the next 30 days: 0.40%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 70 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2000-1105

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

References for CVE-2000-1105

http://www.securityfocus.com/archive/1/144270
http://www.securityfocus.com/bid/1933

Exploit;Patch;Vendor Advisory
http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0074.html

Exploit;Patch;Vendor Advisory

Products affected by CVE-2000-1105

Microsoft » Indexing Service » Windows 2000 Edition
cpe:2.3:a:microsoft:indexing_service:*:*:windows_2000:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2000-1105

Exploit prediction scoring system (EPSS) score for CVE-2000-1105

CVSS scores for CVE-2000-1105

References for CVE-2000-1105

Products affected by CVE-2000-1105