HTTP: Microsoft W3Who Buffer Overflow
This signature detects attempts to exploit a known vulnerability against the Microsoft W3Who Internet server application Dynamic-Link library. Attackers can remotely send a long string to overflow a buffer and execute malicious code on the server.
Extended Description
The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic administration of the Windows platform. The w3who.dll library is a utility designed to provide auditing of server configuration remotely through a Web browser. Multiple remote vulnerabilities affect the w3who.dll library of Microsoft's Windows Resource Kit. These issues are due to a failure of the library to properly sanitize and perform proper bounds checking on user-supplied input. The first two issues are cross-site scripting vulnerabilities. The final issue is a buffer overflow vulnerability. These issues may be exploited to conduct cross-site scripting attacks and execute arbitrary code with the privileges of the affected Web server. This may facilitate theft of cookie based authentication credentials, unauthorized access, privileges escalation other attacks.
Affected Products
Microsoft w3who.dll
Short Name
HTTP:OVERFLOW:MS-W3WHO-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2004-1134 Microsoft Overflow W3Who bid:11820
Release Date
03/16/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Microsoft
CVSS Score
10.0