ID CVE-2005-4360
Summary The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*
    cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:-:*
CVSS
Base: 7.8 (as of 08-11-2021 - 21:45)
Impact:
Exploitability:
CWE CWE-252
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE COMPLETE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:C/A:N
oval via4
accepted 2007-08-20T08:04:38.567-04:00
class vulnerability
contributors
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
definition_extensions
  • comment Microsoft Windows XP SP2 or later is installed
    oval oval:org.mitre.oval:def:521
  • comment Microsoft IIS 5.1 is installed
    oval oval:org.mitre.oval:def:460
description The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
family windows
id oval:org.mitre.oval:def:1703
status accepted
submitted 2007-07-10T18:34:24
title IIS Memory Request Vulnerability
version 40
refmap via4
bid 15921
bugtraq 20051216 Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
cert TA07-191A
hp SSRT071446
misc http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
osvdb 21805
sectrack 1015376
secunia 18106
sreason 271
vupen ADV-2005-2963
Last major update 08-11-2021 - 21:45
Published 20-12-2005 - 01:03
Last modified 08-11-2021 - 21:45
Back to Top