The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to .dll followed by arguments such as ~0 through ~9, which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using /_vti_bin/.dll/*/~0. NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Internet_information_services | Microsoft | 5.1 (including) | 5.1 (including) |