CVE-2005-4360
First published: Tue Dec 20 2005(Updated: )
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Internet Information Services (IIS) | =5.1 | |
| Microsoft Windows XP | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
- http://secunia.com/advisories/18106
- http://www.securityfocus.com/bid/15921
- http://securitytracker.com/alerts/2005/Dec/1015376.html
- http://www.osvdb.org/21805
- http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
- http://www.us-cert.gov/cas/techalerts/TA07-191A.html
- http://securityreason.com/securityalert/271
- http://www.vupen.com/english/advisories/2005/2963
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041
- http://www.securityfocus.com/archive/1/419707/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-4360?
CVE-2005-4360 is classified as a critical vulnerability that allows remote code execution.
How do I fix CVE-2005-4360?
To mitigate CVE-2005-4360, ensure that you apply necessary patches provided by Microsoft for IIS 5.1.
What systems are affected by CVE-2005-4360?
CVE-2005-4360 primarily affects Microsoft Internet Information Services 5.1 running on Windows XP Professional SP2.
Can CVE-2005-4360 be exploited remotely?
Yes, CVE-2005-4360 can be exploited remotely by sending multiple requests to vulnerable IIS servers.
What are the symptoms of an exploit of CVE-2005-4360?
Exploitation of CVE-2005-4360 may lead to unexpected behavior of the IIS server, including crashes or unauthorized code execution.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft internet information services (iis)
- version/microsoft internet information services (iis)/5.1
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2