Summary
This host is running Microsoft IIS with the FTP server and is prone to a denial-of-service vulnerability.
Impact
Successful exploitation may allow remote attackers to execute arbitrary code on the system or cause the application to crash.
Impact Level: Application
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory at the following link: http://www.microsoft.com/technet/security/bulletin/ms11-004.mspx
Insight
The flaw is due to a boundary error when encoding Telnet IAC characters in an FTP response. It can be exploited without authenticating to the FTP service: sending an overly long, specially crafted FTP request causes a heap-based buffer overflow.
Affected
Windows 7 IIS 7.5 FTP Server
References
Severity
Classification
- CVE: CVE-2010-3972
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Apache 'mod_deflate' Denial Of Service Vulnerability - July09
- Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
- Apple QuickTime Malformed .mov File Buffer Overflow Vulnerability
- Google Chrome Multiple Denial of Service Vulnerabilities - January12 (Windows)
- Adersoft VbsEdit '.vbs' File Denial Of Service Vulnerability