|
Family: CGI abuses : XSS --> Category: mixed
w3who.dll overflow and XSS Vulnerability Scan
Vulnerability Scan Summary Acertains the presence of w3who.dll
Detailed Explanation for this Vulnerability Test
The Windows 2000 Resource Kit ships with a DLL that displays
the browser client context. It lists security identifiers,
rights and $ENV variables.
Nessus has acertaind that this file is installed on the remote host.
The w3who.dll ISAPI may allow a possible hacker to execute arbitrary commands
on this host, through a buffer overflow, or to mount XSS attacks.
See also : http://www.exaprobe.com/labs/advisories/esa-2004-1206.html
Solution : Delete this file
Risk Factor : High
Click HERE for more information and discussions on this network vulnerability scan.
|