Info

Disclosure

Dec 16, 2005

Discovery

Unknown

Dates

Exploit

Dec 16, 2005

Solution

Unknown

Description

Microsoft Internet Information Services (IIS) contains a flaw that may allow a remote denial of service. The issue is triggered when a crafted URL pointing to a folder with execute permission set to Scripts and Executables is sent, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Internet Information Services

5.1

References

Security Tracker: 1015376
Milw0rm: 1376
Exploit Database: 1376
Bugtraq ID: 15921
Secunia Advisory ID: 18106
SCIP VulDB ID: 1928
CVE ID: 2005-4360 (see also: NVD)
Microsoft Knowledge Base Article: 939373
VUPEN Advisory: ADV-2005-2963
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-12/0212.html
http://archives.neohapsis.com/archives/bugtraq/2007-07/0255.html
Other Advisory URL: http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html
Generic Exploit URL: http://www.securiteam.com/exploits/6R00N1PEUA.html
http://www.securiteam.com/exploits/6U00Q1PEUY.html
Microsoft Security Bulletin: MS07-041

Credit

Inge Henriksen - inge.henriksenbooleansoft.com -

Direct URL: http://osvdb.org/21805