Description

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

Remediation

References

CVE-2010-3972

Related Vulnerabilities

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-22504)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-45472)

WordPress Plugin WordPress Meta Robots SQL Injection (2.1)

WordPress Plugin Smart Slider 3 PRO Cross-Site Scripting (3.5.0.8)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7950)

Severity

Critical

Classification

CVE-2010-3972 CWE-119

Tags

Missing Update Known Vulnerabilities