W3who.dll Overflow And XSS Network Vulnerability

Summary

The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables. OVS has determined that this file is installed on the remote host. The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on this host, through a buffer overflow, or to mount XSS attacks.

Solution

Delete this file

Severity

Classification

CVE CVE-2004-1133, CVE-2004-1134
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apple Safari RSS Feed Information Disclosure Vulnerability
Artifectx xClassified 'catid' SQL Injection Vulnerability
AproxEngine Multiple Remote Input Validation Vulnerabilities
b2Evolution title SQL Injection
Adobe ColdFusion Directory Traversal Vulnerability

w3who.dll overflow and XSS

Take action and discover your vulnerabilities