Vulnerability CVE-2005-4360


Published: 2005-12-19   Modified: 2012-02-12

Description:
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

See advisories in our WLB2 database:
Topic: Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit
Risk: Med.
Author: Inge Henriksen
Date: 18.12.2005

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:C/A:N)

CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: None
Integrity impact: Complete
Availability impact: None

Affected software: Microsoft -> Internet information server

References:
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
http://securityreason.com/securityalert/271
http://securitytracker.com/alerts/2005/Dec/1015376.html
http://www.securityfocus.com/archive/1/419707/100/0/threaded
http://www.securityfocus.com/bid/15921
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
http://www.vupen.com/english/advisories/2005/2963
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703

Copyright 2020, cxsecurity.com

 
