Vulnerability Details : CVE-2004-1134
Public exploit exists!
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2004-1134
Probability of exploitation activity in the next 30 days: 96.53%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2004-1134
-
Microsoft IIS ISAPI w3who.dll Query String Overflow
Disclosure Date: 2004-12-06First seen: 2020-04-26exploit/windows/isapi/w3who_queryThis module exploits a stack buffer overflow in the w3who.dll ISAPI application. This vulnerability was discovered Nicolas Gregoire and this code has been successfully tested against Windows 2000 and Windows XP (SP2). When exploiting Windows XP, the payload
CVSS scores for CVE-2004-1134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-1134
Products affected by CVE-2004-1134
- cpe:2.3:a:microsoft:w3who.dll:*:*:*:*:*:*:*:*