7.8
CVSSv2

CVE-2005-4360

Published: 20/12/2005 Updated: 08/11/2021
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 790
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N

Vulnerability Summary

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote malicious users to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

Vulnerable Product

microsoft internet_information_services 5.1

Exploits

#!/usr/bin/perl # _really_ bored kokanin / IIS 5.1 dos thing, Inge says to use a browser at # ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html # kokanin not like puny browser!!"#1 I hoped Inge was a leet haxx0r ch1ck, but it's # apparently a dude, bummer According to Inge passing a kinda malformed url to # an execut ...
/***************************************************************** Microsoft IIS 5.1 Remote DoS Exploit by Kozan Application: Microsoft IIS (Internet Information Server) Vendor: Microsoft - www.microsoft.com/ Discovered by: Inge Henriksen Exploit Coded by: Kozan Credits to ATmaCA, Inge Henriksen Web: www.spyinstructors.com Mail: kozan@ ...