Heap-Based Buffer Overflow in Microsoft FTP Service for IIS 7.0 and 7.5
CVE-2010-3972
Currently unrated
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 23 December 2010
What is CVE-2010-3972?
A heap-based buffer overflow vulnerability exists in the TELNET_STREAM_CONTEXT::OnSendData function within the ftpsvc.dll of Microsoft FTP Service for Internet Information Services (IIS) 7.0 and 7.5. This vulnerability can be exploited by remote attackers to execute arbitrary code or trigger a denial of service through specially crafted FTP commands. Successful exploitation may lead to a system crash or unauthorized access to system resources, making it imperative for users of affected versions to apply updates and follow security best practices.