CVE-2005-4360

Vulnerability Description

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.htmlIssue TrackingThird Party Advisory
• http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.htmlExploitVendor Advisory
• http://secunia.com/advisories/18106ExploitVendor Advisory
• http://securityreason.com/securityalert/271Third Party Advisory
• http://securitytracker.com/alerts/2005/Dec/1015376.htmlThird Party AdvisoryVDB Entry
• http://www.osvdb.org/21805Broken Link
• http://www.securityfocus.com/archive/1/419707/100/0/threadedThird Party AdvisoryVDB Entry
• http://www.securityfocus.com/bid/15921Third Party AdvisoryVDB Entry
• http://www.us-cert.gov/cas/techalerts/TA07-191A.htmlThird Party AdvisoryUS Government Resource
• http://www.vupen.com/english/advisories/2005/2963Vendor Advisory
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-04PatchVendor Advisory
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Third Party Advisory
• http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.htmlIssue TrackingThird Party Advisory
• http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.htmlExploitVendor Advisory
• http://secunia.com/advisories/18106ExploitVendor Advisory