• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities

The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic administration of the Windows platform. The w3who.dll library is a utility designed to provide auditing of server configuration remotely through a Web browser.

Multiple remote vulnerabilities affect the w3who.dll library of Microsoft's Windows Resource Kit. These issues are due to a failure of the library to properly sanitize and perform proper bounds checking on user-supplied input.

The first two issues are cross-site scripting vulnerabilities. The final issue is a buffer overflow vulnerability.

These issues may be exploited to conduct cross-site scripting attacks and execute arbitrary code with the privileges of the affected Web server. This may facilitate theft of cookie based authentication credentials, unauthorized access, privileges escalation other attacks.