Vulnerability Note VU#842372
Microsoft IIS FTP server memory corruption vulnerability
Microsoft IIS FTP server 7.5 is affected by a pre-authentication memory corruption vulnerability.
A specially crafted request sent to the IIS FTP service can result in memory corruption, causing the service to crash. A denial-of-service exploit has been released to the public. IIS 7.5.7600.16385 on Windows 7 is reported to be affected. Other versions may also be affected. Additional details are available on Microsoft's Security Research & Defense blog.
An attacker can cause a denial of service. Depending on the specifics of the vulnerability, an attacker could potentially execute arbitrary code.
We are currently unaware of a practical solution to this problem.
Appropriate firewall rules should be implemented to restrict access to trusted sources. Customers of IPS vendors should request updated signatures for this vulnerability and block related traffic.
Vendor Information

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 22 Dec 2010 |
This vulnerability was reported to the public by Matthew Bergin via Exploit-DB.
This document was written by Jared Allar.
- CVE IDs: Unknown
- Date Public: 21 Dec 2010
- Date First Published: 22 Dec 2010
- Date Last Updated: 23 Dec 2010
- Severity Metric: 1.77
- Document Revision: 10