Lucene search

K
cve[email protected]CVE-2009-3023
HistoryAug 31, 2009 - 8:30 p.m.

CVE-2009-3023

2009-08-3120:30:01
CWE-120
web.nvd.nist.gov
823
iis
ftp
buffer overflow
rce
dos
vulnerability
memory corruption
cve-2009-3023

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.97

Percentile

99.7%

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka “IIS FTP Service RCE and DoS Vulnerability.”

Affected configurations

NVD
Node
microsoftinternet_information_serverRange5.06.0
AND
microsoftwindows_2000Match-sp4
OR
microsoftwindows_server_2003Match-sp2itanium
OR
microsoftwindows_server_2003Match-sp2x64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp2professionalx64
OR
microsoftwindows_xpMatch-sp3
Node
microsoftwindows_server_2008Match--itanium
OR
microsoftwindows_server_2008Match--x64
OR
microsoftwindows_server_2008Match--x86
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_server_2008Match-sp2x86
OR
microsoftwindows_server_2008Match-sp2-x86
OR
microsoftwindows_vistaMatch--
OR
microsoftwindows_vistaMatch-x64
OR
microsoftwindows_vistaMatch-sp1-
OR
microsoftwindows_vistaMatch-sp1-x64
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_vistaMatch-sp2-x64

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

AI Score

7.4

Confidence

Low

EPSS

0.97

Percentile

99.7%