Advertisement






Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit

CVE Category Price Severity
CVE-2009-1535 CWE-399 $500 High
Author Risk Exploitation Type Date
Anonymous High Remote 2006-01-02
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 0.783214 0.945312

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005120051

Below is a copy:

** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/ **

Advisory Name: 
Microsoft IIS Remote Denial of Service (DoS) .DLL Url exploit

Release Date: 
16. Desember 2005

Vulnerable: 
Microsoft® Internet Information Server® V5.1

Not vulnerable: 
Microsoft® Internet Information Server® V5.0 
Microsoft® Internet Information Server® V6.0

Severity: 
High

Discovered by: 
Inge Henriksen (inge.henriksen (at) booleansoft (dot) com [email concealed]) http://ingehenriksen.blogspot.com/

Vendor Status: 
Notified 28. January 2005. No fix will be released until Microsoft® Windows® XP Service Pack 3 
(Rumored due late 2006).

Description:
I have found that by doing a malformed anonymous HTTP request one can remotely crash the IIS service 
process, inetinfo.exe, using just a simple tool like a web browser. The vulnerablity is only present 
in folders with Execute Permissions set to Scripts & Executables, examples of vulnerable virtual 
folders would be "<webroot>/_vti_bin" and the like.

Suggested solution:
Block all incoming URL's containing  "~0", "~1", "~2", "~3", "~4", "~5", "~6", "~7", "~8", or "~9" 
(Ignore quotes).

Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.