MS11-004 - Heap buffer overrun vulnerability in Microsoft FTP Service for Internet Information Services(IIS) 7.0 and 7.5ID: oval:org.secpod.oval:def:82 | Date: (C)2011-02-09 (M)2022-10-10 |
Class: VULNERABILITY | Family: windows |
The host is installed with Microsoft FTP Service for Internet Information Services (IIS) and is prone to heap buffer overrun vulnerability.A flaw is present in the TELNET_STREAM_CONTEXT::OnSendData function in the FTP protocol handler (ftpsvc.dll), which fails to properly handle a crafted FTP request that triggers memory corruption. Successful exploitation could allow attackers to execute arbitrary code and cause a denial of service condition.
Platform: |
Microsoft Windows Vista |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Product: |
Microsoft FTP Service 7.0 |
Microsoft FTP Service 7.5 |