The Inquirer-Home

Holes found in Microsoft browser client context tool

Category "highly critical"
Tue Dec 07 2004, 11:44
SECUNIA ALERTED users to three holes in the Microsoft Browser Client Tool, which has the less sexy cognomen of w3who.dll.

The firm said the holes, discovered by Nicolas Gregoire, allow wicked people to conduct cross site scripting attacks or to compromise vulnerable systems.

The first hole means that invalid input passed to the ISAPI extension is not "sanitised" properly before being returned in error messages. This can let people execute arbitrary HTML and script code in a browser session at a vulnerable web site.

The second hole consists of input passed in HTTP headers not being properly cleaned up either, allowing similar shenanigans to happen.

Thirdly, a boundary error when processing parameters can be exploited to create a buffer overflow by passing a heck of a long parameter, such as http://[host]/scripts/w3who.dll?AAAAAAAAA...[519 to 12571]....AAAAAAAAAAAAA

The solution is to remove the w3who.dll ISAPI extension, Secunia said. µ
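To check whether a server has been receiving requests of the kinds described above, the following added example (not part of the article or of Secunia's advisory) scans an IIS W3C-format log for hits on w3who.dll. The log layout, the sample lines, the reason labels and the "anything but 404" heuristic are assumptions made for illustration; the path and the 519-character threshold come from the article's example URL.

```python
from urllib.parse import unquote_plus

TARGET = "/scripts/w3who.dll"  # path from the article's example URL
LONG_PARAM = 519               # lower bound of the length range the article quotes

# Constructed sample in IIS W3C extended log format (not real traffic).
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)",
    "2004-12-07 11:02:10 192.0.2.10 GET /default.htm - 200 Mozilla/4.0",
    "2004-12-07 11:02:15 192.0.2.11 GET /scripts/w3who.dll - 200 Mozilla/4.0",
    "2004-12-07 11:03:01 192.0.2.12 GET /scripts/w3who.dll " + "A" * 600 + " 500 Mozilla/4.0",
    "2004-12-07 11:03:40 192.0.2.13 GET /Scripts/W3Who.dll %3Cb%3Ex%3C/b%3E 200 Mozilla/4.0",
    "2004-12-07 11:04:02 192.0.2.14 GET /scripts/w3who.dll - 404 <i>probe</i>",
])


def has_markup(value):
    """True if the URL-decoded value contains HTML tag delimiters."""
    decoded = unquote_plus(value)
    return "<" in decoded or ">" in decoded


def scan(log_text):
    """Return (client_ip, reasons) for every logged request to w3who.dll."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        query, reasons = row.get("cs-uri-query", "-"), []
        if row.get("sc-status") != "404":  # heuristic: the DLL still answers
            reasons.append("extension-present")
        if len(query) >= LONG_PARAM:
            reasons.append("long-parameter")
        if has_markup(query):
            reasons.append("markup-in-query")
        if any(has_markup(v) for k, v in row.items() if k.startswith("cs(")):
            reasons.append("markup-in-header")
        findings.append((row.get("c-ip", "?"), reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in scan(SAMPLE_LOG):
        print(ip, ", ".join(reasons) or "probe")
```

A hit tagged extension-present means the removal Secunia recommends has not yet been carried out on that server.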
