Microsoft IIS FTP Service Heap Buffer Overrun Vulnerability( 09 February 2011 )

Last Update Date: 11 Feb 2011 Release Date: 9 Feb 2011 6503 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

A vulnerability exists in the FTP Service in Microsoft Internet Information Services (IIS) 7.0 and Microsoft Internet Information Services (IIS) 7.5. The vulnerability could allow remote code execution.

Impact

Remote Code Execution

System / Technologies affected

Microsoft FTP Service 7.0 for IIS 7.0
Microsoft FTP Service 7.5 for IIS 7.0
Microsoft FTP Service 7.5 for IIS 7.5
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch

Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Microsoft FTP Service 7.0 for IIS 7.0
- Microsoft FTP Service 7.5 for IIS 7.0
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Microsoft FTP Service 7.0 for IIS 7.0
- Microsoft FTP Service 7.5 for IIS 7.0
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Microsoft FTP Service 7.0 for IIS 7.0
- Microsoft FTP Service 7.5 for IIS 7.0
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Microsoft FTP Service 7.0 for IIS 7.0
- Microsoft FTP Service 7.5 for IIS 7.0
Windows 7 for 32-bit Systems
- Microsoft FTP Service 7.5 for IIS 7.5
Windows 7 for x64-based Systems
- Microsoft FTP Service 7.5 for IIS 7.5
Windows Server 2008 R2 for x64-based Systems
- Microsoft FTP Service 7.5 for IIS 7.5
Windows Server 2008 R2 for Itanium-based Systems
- Microsoft FTP Service 7.5 for IIS 7.5

Vulnerability Identifier

CVE-2010-3972

Source

Microsoft