Buffer Overflow in FTP Service of Microsoft Internet Information Services (IIS)
CVE-2009-3023

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Information Server
Vendor
CVE Published:
31 August 2009

What is CVE-2009-3023?

A buffer overflow vulnerability exists in the FTP Service of Microsoft Internet Information Services (IIS) versions 5.0 and 6.0, which can be exploited by remote authenticated users. This vulnerability occurs due to improper handling of the NLST command with wildcards, allowing attackers to execute arbitrary code on the affected system. Successful exploitation can result in memory corruption, causing significant security threats to the server including remote code execution and denial of service.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN...
vendor-advisoryx_refsource_MSKB
https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.securityfocus.com/bid/36189
vdb-entryx_refsource_BID

EPSS Score

77% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.