CVE-2004-1134

Microsoft W3who.dll - Buffer Overflow

Title source: rule

Description

Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16354

View Code ZIP pw:eip

metasploit WORKING POC GOOD

by hdm · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/isapi/w3who_query.rb

View Code ZIP pw:eip

References (3)

[Mailing List] http://marc.info/?l=full-disclosure&m=110234486823233&w=2

[Various Sources] http://www.exaprobe.com/labs/advisories/esa-2004-1206.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18377

Scores

EPSS 0.8642

EPSS Percentile 99.4%

Details

Status published

Products (1)

microsoft/w3who.dll

Published Jan 10, 2005

Tracked Since Feb 18, 2026