Description

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

Remediation

References

CVE-2009-3023

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-31551)

Lighttpd Cryptographic Issues Vulnerability (CVE-2013-1427)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.5.2)

WordPress Plugin WP Prayer Cross-Site Scripting (1.9.6)

Internet Information Services Other Vulnerability (CVE-2000-0630)

Severity

Critical

Classification

CVE-2009-3023 CWE-120

Tags

Missing Update Known Vulnerabilities