|
|||
Rule General Information |
---|
Release Date: | 2021-03-26 | |
Rule Name: | Microsoft IIS Malformed URL Denial of Service Vulnerability (CVE-2005-4360) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A memory corruption vulnerability exists in Microsoft Internet Information Services (IIS) WWW component. The vulnerability is caused by improper handling of certain malformed request URLs. A remote unauthenticated attacker can send a specially crafted URL four times to the target IIS service to cause the service to crash or execute arbitrary code on the target system with privileges of the target service, normally System. | |
Impact: | An attacker can launch a denial of service attack by exploiting the vulnerability successfully. | |
Affected OS: | Windows | |
Reference: | http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html SecurityFocusBID:15921 MicrosoftSecurityBulletin:ms07-041 http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html |
|
Solutions |
---|
Microsoft has released a patch MS07-041 to eliminate the vulnerability. The patch can be downloaded at: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041 |