7 matches found
CVE-2004-1134
creationtimestamp| type| source ---|---|--- 2010-07-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16354 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/w3whoquery.rb 2025-02-06 03:13:38+00:00| seen|...
Microsoft ISAPI W3Who Library Buffer Overflow (CVE-2004-1134)
The W3Who dynamically linked library DLL, when used in the context of an IIS HTTP server, provides various information about the current HTTP client, as well as the current running environment. It is included with the Internet Services Application Programming Interface ISAPI and is meant to be us...
Microsoft IIS ISAPI w3who.dll Query String Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Microsoft II...
Microsoft IIS ISAPI w3who.dll Query String Overflow
This module exploits a stack buffer overflow in the w3who.dll ISAPI application. This vulnerability was discovered Nicolas Gregoire and this code has been successfully tested against Windows 2000 and Windows XP SP2. When exploiting Windows XP, the payload must call RevertToSelf before it will be...
iis_w3who_overflow.pm
This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core Framework dual GPLv2 and Artistic. The latest version of the...
Immunity Canvas: W3WHO
Name| w3who ---|--- CVE| CVE-2004-1134 Exploit Pack| CANVAS Description| w3who.dll stack overflow Notes| CVSS: 10.0 Date public: 05/01/2001 VENDOR: Microsoft CVE Url: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1134 CVE Name: CVE-2004-1134...
CVE-2004-1134
CVE-2004-1134 covers a stack/ buffer overflow in the Microsoft IIS ISAPI w3who.dll (W3Who) triggered by long query strings. The root cause is lack of input sanitization for CGI variables, enabling remote attackers to cause denial of service and potentially execute arbitrary code with IIS privileg...