Buffer Overflow in FTP Service of Microsoft Internet Information Services (IIS)
CVE-2009-3023

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server
Vendor: CVE Published:; 31 August 2009

Summary

A buffer overflow vulnerability exists in the FTP Service of Microsoft Internet Information Services (IIS) versions 5.0 and 6.0, which can be exploited by remote authenticated users. This vulnerability occurs due to improper handling of the NLST command with wildcards, allowing attackers to execute arbitrary code on the affected system. Successful exploitation can result in memory corruption, causing significant security threats to the server including remote code execution and denial of service.

References

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN...

vendor-advisoryx_refsource_MSKB

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/36189

vdb-entryx_refsource_BID

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 31, 2009
Vulnerability Reserved
Aug 31, 2009