CVE-2005-4360

high

Microsoft

CVSS v3 Base Score

7.8

AV:N/AC:L/Au:N/C:N/I:C/A:N

EPSS Score

77.1%

Exploitation probability in 30 days

Top 1% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: December 20, 2005 (7450 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

CWE

CWE-252

Affected Products

microsoft internet information services

References

🔗 archive.cert.uni-stuttgart.de 🔗 ingehenriksen.blogspot.com 🔗 secunia.com 🔗 securityreason.com 🔗 securitytracker.com

CVE-2005-4360

Vulnerability Report

Description

CWE

Affected Products

References