FTP Command Injection Vulnerability in Microsoft IIS
CVE-2012-2532

Currently unrated

Key Information:

Vendor: Microsoft
Status: Ftp Service
Vendor: CVE Published:; 14 November 2012

What is CVE-2012-2532?

The Microsoft FTP Service versions 7.0 and 7.5 for Internet Information Services (IIS) contains a vulnerability that allows unauthorized command processing before establishing a secure TLS session. This flaw can be exploited by remote attackers to retrieve sensitive information through the responses generated from the processed commands. As a result, it poses a significant risk to system integrity and data confidentiality.

References

http://www.securityfocus.com/bid/56440

vdb-entryx_refsource_BID

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

32% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2012
Vulnerability Reserved
May 9, 2012