CVE Vulnerabilities

CVE-2005-4360

Unchecked Return Value

Published: Dec 20, 2005 | Modified: Nov 08, 2021
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:C/A:N
RedHat/V2
RedHat/V3
Ubuntu

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to .dll followed by arguments such as ~0 through ~9, which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using /_vti_bin/.dll/*/~0. NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name Vendor Start Version End Version
Internet_information_services Microsoft 5.1 (including) 5.1 (including)

Potential Mitigations

References