Summary
his host is missing important security update according to Microsoft Bulletin MS02-018.
Impact
Successful exploitation will allows remote users to crash the application leading to denial of service condition or execute arbitrary code.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link.
http://technet.microsoft.com/en-us/security/bulletin/ms02-018
Insight
Error in the handling of FTP session status requests. If a remote attacker with an existing FTP session sends a malformed FTP session status request, an access violation error could occur that would cause the termination of FTP and Web services on the affected server.
Affected
Microsoft Internet Information Services version 4.0, 5.0 and 5.1
References
- http://marc.info/?l=bugtraq&m=101901273810598&w=2
- http://technet.microsoft.com/en-us/security/bulletin/ms02-018
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20020415-ms02-018
- http://www.cert.org/advisories/CA-2002-09.html
- http://xforce.iss.net/xforce/xfdb/8801
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2002-0073 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Microsoft SharePoint Server HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340) - Remote
- Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerabilities (2778344)
- Microsoft IIS Malformed File Extension Denial of Service Vulnerability
- Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)