Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
The Microsoft Windows 2000 Resource Kit supports many utilities designed for diagnostic administration of the Windows platform. The w3who.dll library is a utility designed to provide auditing of server configuration remotely through a Web browser.
Multiple remote vulnerabilities affect the w3who.dll library of Microsoft's Windows Resource Kit. These issues are due to a failure of the library to properly sanitize and perform proper bounds checking on user-supplied input.
The first two issues are cross-site scripting vulnerabilities. The final issue is a buffer overflow vulnerability.
These issues may be exploited to conduct cross-site scripting attacks and execute arbitrary code with the privileges of the affected Web server. This may facilitate theft of cookie based authentication credentials, unauthorized access, privileges escalation other attacks.