W3who.dll Overflow And XSS Network Vulnerability

Summary

The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables. OVS has determined that this file is installed on the remote host. The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on this host, through a buffer overflow, or to mount XSS attacks.

Solution

Delete this file

Severity

Classification

CVE CVE-2004-1133, CVE-2004-1134

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Astium VoIP PBX SQL Injection Vulnerability
ATutor < 1.5.1-pl1 Multiple Flaws
Adobe ColdFusion Multiple Vulnerabilities-02 May-2014
Advantech WebAccess Multiple Vulnerabilities

w3who.dll overflow and XSS

Take action and discover your vulnerabilities