Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability Network Vulnerability

Summary

This host is missing important security update according to Microsoft Bulletin MS99-033.

Impact

Successful exploitation will allows remote users to crash the application leading to denial of service condition or execute arbitrary code. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link. http://technet.microsoft.com/en-us/security/bulletin/ms99-033

Insight

The FTP service in IIS has an unchecked buffer in a component that processes 'list' commands. A constructed 'list' request could cause arbitrary code to execute on the server via a classic buffer overrun technique.

Affected

Microsoft Internet Information Services version 3.0 and 4.0

References

http://en.securitylab.ru/nvd/246545.php
http://technet.microsoft.com/en-us/security/bulletin/ms99-003

Updated on 2015-03-25

Severity

Classification

CVE CVE-1999-0349
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Microsoft .NET Framework Privilege Elevation Vulnerability (2958732)
Cumulative Security Update for Internet Explorer (961260)
Cumulative Security Update for Internet Explorer (937143)
Cumulative Security Update for Internet Explorer (956390)
Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)

Take action and discover your vulnerabilities