[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96174

 
 

909

 
 

78077

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2010-3972

Date: (C)2010-12-23   (M)2017-09-19
 
CVSS Score: 10.0Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 10.0Authentication: NONE
 Confidentiality: COMPLETE
 Integrity: COMPLETE
 Availability: COMPLETE











Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

Reference:
SECTRACK-1024921
EXPLOIT-DB-15803
SECUNIA-42713
BID-45542
ADV-2010-3305
MS11-004
VU#842372
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
ms-iis-onsenddata-bo(64248)

CPE    1
cpe:/a:microsoft:iis:7.5
CWE    1
CWE-119
OVAL    2
oval:org.secpod.oval:def:82
oval:org.secpod.oval:def:1044

© 2013 SecPod Technologies