Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities

The following proof of concept exploits have been made available:

XSS vulnerability when displaying HTTP headers :
Connection: keep-alive<script>alert("Hello")</script>

XSS vulnerability in error message :<script>alert("Hello")</script>

Buffer overflow when called with long parameters :[519 to 12571]....AAAAAAAAAAAAA

An exploit for the w3who.dll buffer overflow has been released as part of the MetaSploit Framework 2.3.


Privacy Statement
Copyright 2010, SecurityFocus