CVE-2005-4360
First published: Tue Dec 20 2005(Updated: )
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services | =5.1 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
- http://secunia.com/advisories/18106
- http://www.securityfocus.com/bid/15921
- http://securitytracker.com/alerts/2005/Dec/1015376.html
- http://www.osvdb.org/21805
- http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
- http://www.us-cert.gov/cas/techalerts/TA07-191A.html
- http://securityreason.com/securityalert/271
- http://www.vupen.com/english/advisories/2005/2963
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041
- http://www.securityfocus.com/archive/1/419707/100/0/threaded
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/type
- agent/description
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft internet information services
- version/microsoft internet information services/5.1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2