Juniper Networks

Signature Detail


Short Name: HTTP:XSS:MS-W3WHO-XSS
Severity: Medium
Recommended: No
Category: HTTP
Keywords: Microsoft w3who.dll Cross-Site Scripting
Release Date: 2005/03/16
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft w3who.dll Cross-Site Scripting


This signature detects attempts to exploit a cross-site scripting vulnerability in the Microsoft W3Who Internet Server Application Programming Interface application dynamic-link library. Attackers can steal authentication credentials.

Extended Description

The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic administration of the Windows platform. The w3who.dll library is a utility designed to provide auditing of server configuration remotely through a Web browser. Multiple remote vulnerabilities affect the w3who.dll library of Microsoft's Windows Resource Kit. These issues are due to a failure of the library to properly sanitize user-supplied input and to perform proper bounds checking on it. The first two issues are cross-site scripting vulnerabilities. The final issue is a buffer overflow vulnerability. These issues may be exploited to conduct cross-site scripting attacks and execute arbitrary code with the privileges of the affected Web server. This may facilitate theft of cookie-based authentication credentials, unauthorized access, privilege escalation, and other attacks.

Affected Products

  • Microsoft w3who.dll

References

  • BugTraq: 11820
  • CVE: CVE-2004-1133
  • URL: http://www.securityfocus.com/archive/1/383394

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.