CVE-2005-4360

Name of the Vulnerable Software and Affected Versions Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2

Description The issue concerns the URL parser in Microsoft Internet Information Services (IIS) 5.1, allowing remote attackers to execute arbitrary code. This is achieved through multiple requests to ".dll" followed by specific arguments, such as ~0 through ~9, which causes ntdll.dll to produce a return value that IIS does not handle correctly. An example of such a request is "/ vti bin/.dll/*/~0". Initially, it was believed that the consequence of this issue would only be a denial of service, resulting in an application crash and reboot.

Recommendations For Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2, consider restricting access to the URL parser or applying specific configuration changes to handle the return value from ntdll.dll correctly until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.