Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3023

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2009-3023
Last Modified 24 Jun 2011 12:00:00
Published 31 Aug 2009 04:30:01
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-3023

Summary

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

Vulnerable Systems

Application

  • Microsoft Iis 5.0

  • Microsoft Iis 6.0


References

CERT - TA09-286A

CERT-VN - VU#276653

MS - MS09-053

VUPEN - ADV-2009-2481

BID - 36189

MILW0RM - 9559

MILW0RM - 9541

MSKB - 975191


Last Updated: 27 May 2016 10:51:06