The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
It is not necessary to specify a valid .htw file because the virtual file null.htw is stored in memory and the .htw extension is mapped by default to webhits.dll.
Indexing Services ships with Windows 2000 but is not started by default. Those who are running a web server and have enabled Indexing Services are recommended to apply the patch.
Microsoft Indexing Services for Windows 2000 .htw XSS
Remote / Network Access
Loss of Integrity
Patch / RCS
IIS 5.0 Indexing Services for Windows 2000 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the CiRestriction parameter in a .htw request upon submission, allowing Active Scripting to execute in the host's browser. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
A remote attacker can use a Web page containing malicious code that requests an .htw file; when a user visits it, Active Scripting executes active content on the visiting user's computer.
Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (MS00-084) to address this vulnerability. Microsoft also recommends filtering special characters. Check the vendor advisory or solution in the references section.
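The following is an added example, not part of the original advisory or of any Microsoft code: a small log check that flags .htw requests whose CiRestriction value contains special characters after percent-decoding. The function names, the character set and the sample request lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumed set of characters to treat as "special"; quoted phrase
# searches will also match, so tune this for the site's real queries.
SPECIAL = set("<>\"'")

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_htw_request(url):
    """Return the decoded CiRestriction value if an .htw request carries
    special characters in it, otherwise None."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".htw"):
        return None
    # parse_qsl performs the first round of percent-decoding itself.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() == "cirestriction":
            value = decode_fully(value)
            if SPECIAL & set(value):
                return value
    return None

# Constructed sample request targets (not taken from any real log).
SAMPLE_REQUESTS = [
    "/null.htw?CiRestriction=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "/null.htw?cirestriction=%253Cb%253Ex",      # double-encoded
    "/search/hits.htw?CiRestriction=annual+report",
    "/default.asp?CiRestriction=%3Cscript%3E",   # not an .htw request
]

def scan(requests):
    """Return (url, decoded value) for every request that should be flagged."""
    hits = []
    for url in requests:
        value = suspicious_htw_request(url)
        if value is not None:
            hits.append((url, value))
    return hits

if __name__ == "__main__":
    for url, value in scan(SAMPLE_REQUESTS):
        print(f"FLAG {url!r} -> CiRestriction={value!r}")
```

The same predicate can back a request filter in front of the server on hosts where the patch has not yet been applied.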