Summary
The Windows 2000 Resource Kit ships with a DLL that displays the browser client context. It lists security identifiers, privileges and $ENV variables.
OVS has determined that this file is installed on the remote host.
The w3who.dll ISAPI may allow an attacker to execute arbitrary commands on this host, through a buffer overflow, or to mount XSS attacks.
Solution
Delete this file
Severity
Classification
-
CVE CVE-2004-1133, CVE-2004-1134 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
- AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
- Apache Struts2 Showcase Arbitrary Java Method Execution vulnerability
- Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
- ATutor < 1.5.1-pl1 Multiple Flaws