J-Security Center

Title: O'Reilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability

Severity: HIGH

Description:

O'Reilly WebSite (Pro) is a Windows 95/NT Web Server package. Versions 2.0 and below contained a vulnerable sample script, win-c-sample.exe, placed by default in /cgi-shl/ off the web root directory. This program is vulnerable to a buffer overflow, allowing for execution of arbitrary commands on the host machine with the privileges of the web server. Consequences of successful exploitation could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities.
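
As an added example (not part of the original advisory), the following Python script scans web server access logs for requests to the sample script named above, normalizing case, backslashes and percent-encoding so that variant spellings of the path are also caught. It assumes Common Log Format entries; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path named in the advisory: sample script installed by default under /cgi-shl/.
SAMPLE_SCRIPT = "/cgi-shl/win-c-sample.exe"
# Request line of a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"')


def normalize_path(target):
    """Reduce a request target to a lower-case, decoded, slash-normalized path."""
    path = target.split("?", 1)[0]
    for _ in range(3):  # bounded repeat so double-encoded names are decoded too
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    # Windows paths are case-insensitive and accept backslashes.
    path = path.replace("\\", "/").lower()
    return re.sub(r"/+", "/", path)


def find_sample_script_hits(log_lines):
    """Return (client, method, target_length) for each request to the script.

    The target length is kept only as a triage hint; the advisory does not
    say which input triggers the overflow.
    """
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        path = normalize_path(m.group("target"))
        if path == SAMPLE_SCRIPT or path.startswith(SAMPLE_SCRIPT + "/"):
            client = line.split(" ", 1)[0]
            hits.append((client, m.group("method"), len(m.group("target"))))
    return hits


# Constructed sample log lines (documentation addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/1999:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.44 - - [01/Jan/1999:10:00:05 +0000] "GET /cgi-shl/win-c-sample.exe HTTP/1.0" 200 300',
    '198.51.100.7 - - [01/Jan/1999:10:00:09 +0000] "GET /CGI-SHL/win-c-sample%2Eexe?x=1 HTTP/1.0" 200 300',
    '198.51.100.7 - - [01/Jan/1999:10:00:12 +0000] "GET /cgi-shl/other.exe HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for hit in find_sample_script_hits(SAMPLE_LOG):
        print(hit)
```

Any hit on a server running an affected version is worth reviewing, since the script has no production purpose.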

Affected Products:

  • O'Reilly Software WebSite 1.0.0
  • O'Reilly Software WebSite 1.1.0
  • O'Reilly Software WebSite Professional 1.1.0b
  • O'Reilly Software WebSite Professional 1.1.0c
  • O'Reilly Software WebSite Professional 2.0.0
