Microsoft IIS FTP Server Pre-Authentication Memory Corruption

Posted on Wednesday, December 22, 2010 @ 20:08:13 PST in Security
by Raven

SECUNIA ADVISORY ID: SA42713

VERIFY ADVISORY: Secunia.com: http://secunia.com/advisories/42713/

CRITICALITY: Highly Critical

RELEASE DATE: 2010-12-23

DESCRIPTION: Matthew Bergin has discovered a vulnerability in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is confirmed in a fully patched IIS 7.5 for Windows 7 Professional. Other versions may also be affected.

The vulnerability is caused due to an error when processing FTP requests and can be exploited to corrupt memory via an overly long, specially crafted request. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Restrict traffic to the FTP service.

PROVIDED AND/OR DISCOVERED BY: Matthew Bergin

ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/15803/
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info v2.2.2

Last SeenLast Seen
Server TrafficServer Traffic
  • Total: 339,226,322
  • Today: 21,949
Server InfoServer Info
  • Oct 22, 2017
  • 05:12 am PDT
 
 

Daily Inspiration