Vulnerability Details : CVE-2004-1134
Public exploit exists!
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2004-1134
96.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2004-1134
-
Microsoft IIS ISAPI w3who.dll Query String Overflow
Disclosure Date: 2004-12-06First seen: 2020-04-26exploit/windows/isapi/w3who_queryThis module exploits a stack buffer overflow in the w3who.dll ISAPI application. This vulnerability was discovered Nicolas Gregoire and this code has been successfully tested against Windows 2000 and Windows XP (SP2). When exploiting Windows XP, the payload
CVSS scores for CVE-2004-1134
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2004-1134
Products affected by CVE-2004-1134
- cpe:2.3:a:microsoft:w3who.dll:*:*:*:*:*:*:*:*