BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Microsoft IIS 7 FTP Buffer Overflow

Disclosed December 22, 2010    Fully Patched

Vulnerability Description:

Microsoft Internet Information Services (IIS) contains a buffer overflow vulnerability when processing user-supplied FTP requests. Successful exploitation could allow remote attackers to remotely execute arbitrary code.

Vendors:

Microsoft

Vulnerable Software/Devices:

IIS 7.x

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

  • BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
    • Retina Audit 14080 - Microsoft IIS FTP Service Remote Code Execution (2489256) - Vista/2008
    • Retina Audit 14081 - Microsoft IIS FTP Service Remote Code Execution (2489256) - 7/2008 R2

Mitigation:

Apply appropriate patch from MS11-004.

Links:

CVE(s):

None

Leave a Reply