Microsoft Internet Information Services (IIS) FTP Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 23 Dec 2010 5213 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in Microsoft Internet Information Services (IIS), which could be exploited by remote attackers to take complete control of a vulnerable system. This issue is caused by a buffer overflow error in the "TELNET_STREAM_CONTEXT::OnSendData()" function within the protocol handler (ftpsvc.dll) for the FTP Service when processing user-supplied FTP requests, which could allow remote unauthenticated attackers to crash an affected server or execute arbitrary code with elevated privileges by sending an overly long and malformed packet to an affected FTP server.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Microsoft Internet Information Services (IIS) versions 7.x

Solutions

There is no patch available for this vulnerability currently.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Microsoft WMI Administrative Tools Trusted Value Remote Code Execution Vulnerability

23 Dec 2010 5186 Views

Next

Microsoft Internet Explorer Remote Code Execution vulnerability

24 Dec 2010 4970 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY