CVE-2005-4360

Microsoft Internet Information Services 5.1 - Remote Code Execution via DLL URL Parser


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4360. PoCs published by kokanin, Kozan.

AI-analyzed exploit summary: This Perl script exploits CVE-2005-4360, a DoS vulnerability in IIS 5.1, by sending malformed URLs with randomized bad characters to executable directories. The repeated requests cause inetinfo.exe to crash.

Description

The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).

Exploits (2)

exploitdb WORKING POC VERIFIED
by kokanin · perl · dos · windows
https://www.exploit-db.com/exploits/1377

This Perl script exploits CVE-2005-4360, a DoS vulnerability in IIS 5.1, by sending malformed URLs with randomized bad characters to executable directories. The repeated requests cause inetinfo.exe to crash.

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft IIS 5.1
No auth needed
Prerequisites: Target running IIS 5.1 · Network access to the target
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Kozan · c · dos · windows
https://www.exploit-db.com/exploits/1376

This exploit targets a denial-of-service (DoS) vulnerability in Microsoft IIS 5.1 by sending malformed HTTP POST requests to the '_vti_bin' directory. The exploit crashes the inetinfo.exe process by sending multiple crafted requests.

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Trivial
Reliability: Reliable
Target: Microsoft Internet Information Server 5.1
No auth needed
Prerequisites: Target must be running Microsoft IIS 5.1 · Execute permissions must be set to 'Scripts & Executables' on the target directory
devstral-2 · analyzed Feb 16, 2026

References (12)

Patch, Vendor Advisory vendor-advisory x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-041
Issue Tracking, Third Party Advisory vendor-advisory x_refsource_hp
http://archive.cert.uni-stuttgart.de/bugtraq/2007/07/msg00254.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/419707/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/271
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/alerts/2005/Dec/1015376.html
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/21805
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2963
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15921
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-191A.html
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18106

Scores

EPSS 0.8673
EPSS Percentile 99.7%

Details

CWE: CWE-252
Status: published
Products (1): microsoft/internet_information_services 5.1
Published: Dec 20, 2005
Tracked Since: Feb 18, 2026