Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Workaround for the vulnerability in the Indexing Service that could allow remote code execution


View products that this article applies to.

Introduction

A vulnerability in the Indexing Service could allow remote code execution. This vulnerability involves specially formed queries that are longer than 62 characters. Security update 871250 addresses this vulnerability. This article describes a technique that will help prevent an attacker from trying to exploit this vulnerability on computers that do not have security update 871250 applied.

↑ Back to the top


More information


The operating system software development kit (SDK) includes sample code (Query.asp) for querying the Indexing Service. Query.asp uses Microsoft Internet Information Services (IIS) and the Indexing Service's IXSSO query object. The lines in bold in the following example demonstrate additional code that can be added to Query.asp to limit query length. This additional code will help prevent attempts to exploit this vulnerability. You can update other operating system SDK sample query pages in a similar manner.
    if right(SearchString, 1) = chr(34) then
            SrchStrLen = SrchStrLen-1
            SearchString = left(SearchString, SrchStrLen)
    end if

    SrchStrLen = len( SearchString )
    if SrchStrLen > 60 then
            SrchStrLen = 60
            SearchString = left( SearchString, 60 )
    end if

    if Advanced<> "on" then
      CompSearch = "{freetext} " &  SearchString & "{/freetext}"
    else
      CompSearch = SearchString
    end if

    set Q = Server.CreateObject("ixsso.Query")
    set Util = Server.CreateObject("ixsso.Util")

For additional information about security update 871250, click the following article number to view the article in the Microsoft Knowledge Base:
871250� MS05-003: Vulnerability in the Indexing Service could allow remote code execution

↑ Back to the top


Keywords: KB890621, kbinfo, kbhowto, kbexpertiseadvanced, kbadmin, kbsecurity

↑ Back to the top

Article Info
Article ID : 890621
Revision : 4
Created on : 2/23/2007
Published on : 2/23/2007
Exists online : False
Views : 506