(MS09-053) IIS FTP Service DoS Vulnerability (975254)

Overview

A vulnerability in the Microsoft Internet Information Services (IIS) FTP Service may allow denial-of-service attacks. The flaw is specific to the method used by the FTP server to handle list commands. An attacker can issue a specially crafted list command to a vulnerable server to cause the service to become unresponsive (DoS) or restart.

Attack Vector

Malicious remote network traffic

User Interaction

No user interaction is needed

Vendor Status

Responded and patched

Vulnerable Systems

IIS 7.0

Timeline

2009-10-13

Vendor has provided a patch.

Recommendations

The vendor has released a patch to address this issue:
http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx

Additional Resources

Microsoft Security Bulletin MS09-053 - Important: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
http://www.microsoft.com/technet/security/bulletin/ms09-053.mspx