Heap buffer overrun vulnerability in Microsoft FTP Service for Internet Information Services(IIS) 7.0 and 7.5 - MS11-004ID: oval:org.secpod.oval:def:1044 | Date: (C)2011-05-24 (M)2022-09-09 |
Class: PATCH | Family: windows |
The host is missing an critical security update according to Microsoft security bulletin, MS11-004. The update is required to fix a heap buffer overrun vulnerability in Microsoft FTP Service for Internet Information Services (IIS). A flaw is present in the TELNET_STREAM_CONTEXT::OnSendData function in the FTP protocol handler (ftpsvc.dll), which fails to properly handle a crafted FTP request that triggers memory corruption. Successful exploitation could allow attackers to execute arbitrary code and cause a denial of service condition.
Platform: |
Microsoft Windows Vista |
Microsoft Windows 7 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Product: |
Microsoft FTP Service 7.0 |
Microsoft FTP Service 7.5 |