CVE-2005-4360

Sažetak

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

Reference

http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
http://secunia.com/advisories/18106
http://www.securityfocus.com/bid/15921
http://securitytracker.com/alerts/2005/Dec/1015376.html
http://www.osvdb.org/21805
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
http://securityreason.com/securityalert/271
http://www.vupen.com/english/advisories/2005/2963
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041
http://www.securityfocus.com/archive/1/419707/100/0/threaded

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	COMPLETE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:C/A:N

Zadnje važnije ažuriranje

08-11-2021 - 21:45

Objavljeno

20-12-2005 - 01:03