Remote Code Execution Vulnerability in Microsoft Internet Information Services 5.1
CVE-2005-4360

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Information Services
Vendor
CVE Published:
20 December 2005

What is CVE-2005-4360?

The URL parsing mechanism in Microsoft Internet Information Services (IIS) version 5.1 for Windows XP Professional SP2 can be exploited by remote attackers. By sending specially crafted requests to the server that target .dll files, these attackers can execute arbitrary code. This exploitation occurs when the arguments passed after the .dll request, such as '~0' to '~9', trigger a mishandling of return values in ntdll.dll. The potential impact of this vulnerability extends beyond mere denial of service, allowing attackers to gain unauthorized access and execute harmful code on the server.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg0...
vendor-advisoryx_refsource_HP
http://www.securityfocus.com/archive/1/419707/100/0/threaded
mailing-listx_refsource_BUGTRAQ
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.