Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
The following proof of concept exploits have been made available:
XSS vulnerability when displaying HTTP headers :
XSS vulnerability in error message :
Buffer overflow when called with long parameters :
http://www.example.com/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]....AAAAAAAAAAAAA
An exploit for the w3who.dll buffer overflow has been released as part of the MetaSploit Framework 2.3.