TITLE: Microsoft IIS Malformed URL Potential Denial of Service Vulnerability SECUNIA ADVISORY ID: SA18106 VERIFY ADVISORY: http://secunia.com/advisories/18106/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ SOFTWARE: Microsoft Internet Information Services (IIS) 5.x http://secunia.com/product/39/ DESCRIPTION: Inge Henriksen has discovered a vulnerability in Microsoft Internet Information Services (IIS), which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the handling of certain malformed URL. This can be exploited to cause the IIS service to crash. Example: http://[host]/[dir]/.dll/%01~0 Successful exploitation requires that "[dir]" is a virtual directory that is configured with "Scripts & Executables" execution permissions. Note: IIS will automatically restart after the crash. The vulnerability has been confirmed in IIS 5.1 on a full patched version of Microsoft Windows XP SP2. SOLUTION: Filter potential malicious characters or character sequences with a HTTP proxy. IIS 5.0 and 6.0 are reportedly not affected. PROVIDED AND/OR DISCOVERED BY: Inge Henriksen ORIGINAL ADVISORY: http://ingehenriksen.blogspot.com/2005/12/microsoft-iis-remote-dos-dll-url.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------