CVE-2004-1134 : Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possib

Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.

Published 2005-01-10 05:00:00

Updated 2017-07-11 01:30:46

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2004-1134

Probability of exploitation activity in the next 30 days: 96.53%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2004-1134

Microsoft IIS ISAPI w3who.dll Query String Overflow

Disclosure Date: 2004-12-06

First seen: 2020-04-26

exploit/windows/isapi/w3who_query

This module exploits a stack buffer overflow in the w3who.dll ISAPI application. This vulnerability was discovered Nicolas Gregoire and this code has been successfully tested against Windows 2000 and Windows XP (SP2). When exploiting Windows XP, the payload

More information

CVSS scores for CVE-2004-1134

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2004-1134

Products affected by CVE-2004-1134

Microsoft » W3who.dll
cpe:2.3:a:microsoft:w3who.dll:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2004-1134

Exploit prediction scoring system (EPSS) score for CVE-2004-1134

Metasploit modules for CVE-2004-1134

Microsoft IIS ISAPI w3who.dll Query String Overflow

CVSS scores for CVE-2004-1134

References for CVE-2004-1134

Products affected by CVE-2004-1134