(EXTREMELY CRITICAL)
Microsoft Browser Client Context Tool Three Vulnerabilities
http://secunia.com/advisories/13365/
Secunia Advisory: SA13365
Release Date: 2004-12-07
Critical: Highly critical
Impact:
Cross Site Scripting
System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Browser Client Context Tool (W3Who.dll)
CVE reference: CAN-2004-1133, CAN-2004-1134
Description:
Nicolas Gregoire has reported some vulnerabilities in Microsoft
Browser Client Context Tool (W3Who.dll), which can be exploited by
malicious people to conduct cross-site scripting attacks or
potentially compromise a vulnerable system.
1) Invalid input passed to the ISAPI extension is not properly
sanitised before being returned to users in error messages. This can
be exploited to execute arbitrary HTML and script code in a user's
browser session in context of a vulnerable web site.
Example:
http://[host]/scripts/w3who.dll?bogus=[code]
2) Input passed in HTTP headers is not properly sanitised before being
displayed. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of a vulnerable web site.
3) A boundary error within the processing of parameters can be
exploited to cause a buffer overflow by passing an overly long
parameter.
Example:
http://[host]/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]AAAAAAAAAAAAA
Solution:
Remove the W3Who.dll ISAPI extension.
Provided and/or discovered by:
Nicolas Gregoire, Exaprobe.
Original Advisory:
http://www.exaprobe.com/labs/adviso...-1206.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More references:
http://www.securitytracker.com/aler...12435.html
http://www.theinquirer.net/?article 086
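
Because the advisory lists the issue as unpatched and the only fix is removing W3Who.dll, a quick check of web server logs shows whether the extension is still reachable and how it is being requested. The following is an added example, not part of the advisory or of any Microsoft or Secunia tooling; the log field order, the sample lines and the reading of "519" as a character count are assumptions.

```python
import re
from urllib.parse import unquote

# Lower bound of the overflow example's parameter length in the advisory
# ("519 to 12571"); reading it as a character count is an assumption.
OVERFLOW_MIN = 519
MARKUP = re.compile(r"[<>\"]")  # characters needed to inject HTML/script

# Constructed sample log. Assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = "\n".join([
    "2004-12-08 10:01:02 192.0.2.10 GET /default.htm - 200",
    "2004-12-08 10:01:05 192.0.2.11 GET /scripts/w3who.dll - 200",
    "2004-12-08 10:02:11 192.0.2.12 GET /scripts/W3Who.dll bogus=%3Cb%3Ex%3C/b%3E 200",
    "2004-12-08 10:03:40 192.0.2.13 GET /scripts/w3who.dll " + "A" * 600 + " 500",
])

def classify(stem, query):
    """Return findings for one request; empty list if it is not w3who.dll."""
    if not stem.lower().endswith("/w3who.dll"):
        return []
    # Any request at all means the extension has not been removed yet.
    findings = ["extension-present"]
    decoded = "" if query == "-" else unquote(query)
    if MARKUP.search(decoded):
        findings.append("markup-in-query")   # issue 1: reflected in error page
    if len(decoded) >= OVERFLOW_MIN:
        findings.append("overlong-query")    # issue 3: boundary error
    return findings

def scan(log_text):
    """Return (client_ip, status, findings) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 7:
            continue  # skip W3C header directives and short lines
        ip, stem, query, status = parts[2], parts[4], parts[5], parts[6]
        findings = classify(stem, query)
        if findings:
            hits.append((ip, status, findings))
    return hits

if __name__ == "__main__":
    for ip, status, findings in scan(SAMPLE_LOG):
        print(ip, status, ",".join(findings))
```

The header-based issue (2) is not covered, since request headers other than the ones explicitly logged do not appear in these fields.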