CVE-2005-4360

critical

Description

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041

http://www.vupen.com/english/advisories/2005/2963

http://www.us-cert.gov/cas/techalerts/TA07-191A.html

http://www.securityfocus.com/bid/15921

http://www.securityfocus.com/archive/1/419707/100/0/threaded

http://securitytracker.com/alerts/2005/Dec/1015376.html

http://securityreason.com/securityalert/271

http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html

Details

Source: Mitre, NVD

Published: 2005-12-20

Updated: 2021-11-08

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical