CVE-2005-4360

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to .dll followed by arguments such as ~0 through ~9, which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using /_vti_bin/.dll/*/~0. NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

Weakness

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Affected Software

Name	Vendor	Start Version	End Version
Internet_information_services	Microsoft	5.1 (including)	5.1 (including)

Potential Mitigations

References

http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
http://secunia.com/advisories/18106
http://securityreason.com/securityalert/271
http://securitytracker.com/alerts/2005/Dec/1015376.html
http://www.osvdb.org/21805
http://www.securityfocus.com/archive/1/419707/100/0/threaded
http://www.securityfocus.com/bid/15921
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
http://www.vupen.com/english/advisories/2005/2963
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1703

NVD	https://nvd.nist.gov/vuln/detail/CVE-2005-4360
CWE	https://cwe.mitre.org/data/definitions/252.html

Unchecked Return Value

Weakness

Affected Software

Potential Mitigations

References