Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-4360

CWE-252 — Unchecked Return Value5 documents4 sources

Severity

7.8HIGH

EPSS

77.1%

top 1.03%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Services

Timeline

PublishedDec 20

Latest updateMay 1

Description

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

CVSS vector

AV:N/AC:L/C:N/I:C/A:NExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDmicrosoft/internet_information_services5.1

Patches

Patch: docs.microsoft.com ↗Patch: docs.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-5jvw-5r9c-59q7: The URL parser in Microsoft Internet Information Services (IIS) 5↗2022-05-01

▶

CVEList

CVE-2005-4360: The URL parser in Microsoft Internet Information Services (IIS) 5↗2005-12-20

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS - HTTP Request Denial of Service (2)↗2005-12-19

▶

Exploit-DB

Microsoft IIS - HTTP Request Denial of Service (1)↗2005-12-19

▶