Published: 04/09/2009 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 510

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Subscribe to Internet Information Services

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 up to and including 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft internet information services

# Exploit Title: [MS09-053] Microsoft IIS FTP Server <= 70 Stack Exhaustion DoS # Date: Jul 03, 2011 # Updated: Jul 13, 2011 # Author: Myo Soe <YGN Ethical Hacker Group - yehgnet/> # Software Link: wwwmicrosoftcom/ # Version: 50 - 70 # Tested on: unpatched version of windows xp & 2k3 ## # $Id: $ ## ## # This file ...

***** MS IIS FTPD DoS ZER0DAY ***** There is a DoS vulnerability in the globbing functionality of IIS FTPD Anonymous users can exploit this if they have read access to a directory!!! Normal users can exploit this too if they can read a directory Example session where the anonymous user has read access to the folder "pub": C:\Users\Nikolaos> ...

CWE-400 http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html http://www.us-cert.gov/cas/techalerts/TA09-286A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053 http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191 https://nvd.nist.gov https://www.exploit-db.com/exploits/17476/

CVE-2009-2521

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect