Short Name |
HTTP:OVERFLOW:MS-W3WHO-OF |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft W3Who Buffer Overflow |
Release Date |
2005/03/16 |
Update Number |
1213 |
Supported Platforms |
idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against the Microsoft W3Who Internet server application Dynamic-Link library. Attackers can remotely send a long string to overflow a buffer and execute malicious code on the server.
The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic administration of the Windows platform. The w3who.dll library is a utility designed to provide auditing of server configuration remotely through a Web browser. Multiple remote vulnerabilities affect the w3who.dll library of Microsoft's Windows Resource Kit. These issues are due to a failure of the library to properly sanitize and perform proper bounds checking on user-supplied input. The first two issues are cross-site scripting vulnerabilities. The final issue is a buffer overflow vulnerability. These issues may be exploited to conduct cross-site scripting attacks and execute arbitrary code with the privileges of the affected Web server. This may facilitate theft of cookie based authentication credentials, unauthorized access, privileges escalation other attacks.