Vulnerability Details CVE-2009-3023
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.78
EPSS Ranking 98.9%
CVSS Severity
CVSS v2 Score 9.0
References
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
- http://www.exploit-db.com/exploits/9541
- http://www.exploit-db.com/exploits/9559
- http://www.kb.cert.org/vuls/id/276653
- http://www.securityfocus.com/bid/36189
- http://www.us-cert.gov/cas/techalerts/TA09-286A.html
- http://www.vupen.com/english/advisories/2009/2481
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080
- http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
- http://www.exploit-db.com/exploits/9541
- http://www.exploit-db.com/exploits/9559
- http://www.kb.cert.org/vuls/id/276653
- http://www.securityfocus.com/bid/36189
- http://www.us-cert.gov/cas/techalerts/TA09-286A.html
- http://www.vupen.com/english/advisories/2009/2481
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080
Products affected by CVE-2009-3023
-
cpe:2.3:a:microsoft:internet_information_server:5.0
-
cpe:2.3:a:microsoft:internet_information_server:5.1
-
cpe:2.3:a:microsoft:internet_information_server:6.0
-
cpe:2.3:o:microsoft:windows_2000:-
-
cpe:2.3:o:microsoft:windows_server_2003:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_vista:-
-
cpe:2.3:o:microsoft:windows_xp:-