

Title Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
Published 2004-12-06-12:00AM
Updated 2005-01-11-07:46PM
Class Boundary Condition Error
CVE   CAN-2004-1133 CAN-2004-1134
Remote  Yes
Local  No
Credit  Nicolas Gregoire <ngregoire@exaprobe.com> is credited with the discovery of this issue.
Vulnerable  Microsoft w3who.dll
Microsoft Windows 2000 Resource Kit
Not Vulnerable  
Code   The following proof of concept exploits have been made available:

XSS vulnerability when displaying HTTP headers:
Connection: keep-alive<script>alert("Hello")</script>

XSS vulnerability in error message:
http://www.example.com/scripts/w3who.dll?bogus=<script>alert("Hello")</script>

Buffer overflow when called with long parameters:
http://www.example.com/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]....AAAAAAAAAAAAA

An exploit for the w3who.dll buffer overflow has been released as part of the Metasploit Framework 2.3: /data/vulnerabilities/exploits/iis_w3who_overflow.pm
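
A defender-side check for the URL-based request patterns listed above, as an added example that is not part of the original advisory: it scans IIS W3C extended logs for w3who.dll requests whose query string is at least 519 characters (the lower bound quoted above, used here as an assumed alert threshold) or contains a script tag after URL decoding. The log lines, the field layout and the `scan_w3who` name are constructed for illustration.

```python
from urllib.parse import unquote_plus

# Lower bound of the parameter length range quoted in the advisory's
# buffer overflow proof of concept (519 to 12571); assumed alert threshold.
LONG_QUERY_MIN = 519

# Constructed sample in IIS W3C extended log format; not real traffic.
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2004-12-07 10:00:01 192.0.2.10 GET /scripts/w3who.dll - 200",
    "2004-12-07 10:00:05 192.0.2.11 GET /scripts/w3who.dll "
    "bogus=%3Cscript%3Ealert(1)%3C/script%3E 200",
    "2004-12-07 10:00:09 192.0.2.12 GET /Scripts/W3Who.dll " + "A" * 600 + " 500",
    "2004-12-07 10:00:12 192.0.2.13 GET /default.htm " + "A" * 600 + " 200",
])


def scan_w3who(log_text):
    """Return (client_ip, reason) for each suspicious w3who.dll request."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths are case-insensitive, so compare in lower case.
        if not row.get("cs-uri-stem", "").lower().endswith("/w3who.dll"):
            continue
        query = row.get("cs-uri-query", "-")
        query = "" if query == "-" else query  # "-" means no query string
        reasons = []
        if len(query) >= LONG_QUERY_MIN:
            reasons.append("long-query")
        # Decode percent-encoding so encoded markup is also caught.
        if "<script" in unquote_plus(query).lower():
            reasons.append("script-in-query")
        findings.extend((row.get("c-ip", "?"), reason) for reason in reasons)
    return findings


if __name__ == "__main__":
    for ip, reason in scan_w3who(SAMPLE_LOG):
        print(ip, reason)
```

The header-based variant does not appear in `cs-uri-query`, so this check covers only the two URL-based patterns.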
Copyright 2007, SecurityDot