Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Link | Tags |
---|---|
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191 | vendor advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080 | vdb entry, third party advisory, signature |
http://www.securityfocus.com/bid/36189 | exploit, vdb entry, third party advisory |
http://www.exploit-db.com/exploits/9541 | exploit, vdb entry, third party advisory |
http://www.us-cert.gov/cas/techalerts/TA09-286A.html | third party advisory, us government resource |
http://www.vupen.com/english/advisories/2009/2481 | vdb entry, third party advisory |
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053 | patch, vendor advisory |
http://www.exploit-db.com/exploits/9559 | exploit, vdb entry, third party advisory |
http://www.kb.cert.org/vuls/id/276653 | third party advisory, us government resource |