Summary
This host is running Microsoft IIS with FTP server and is prone to Denial of service vulnerability.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause the application to crash.
Impact Level: Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx
Insight
The flaw is due to a boundary error when encoding Telnet IAC characters in a FTP response. This can be exploited without authenticating to the FTP service to cause a heap-based buffer overflow by sending an overly long, specially crafted FTP request.
Affected
Windows 7 IIS 7.5 FTP Server
References
Severity
Classification
-
CVE CVE-2010-3972 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities