Lucene search

K
nvd[email protected]NVD:CVE-2009-3023
HistoryAug 31, 2009 - 8:30 p.m.

CVE-2009-3023

2009-08-3120:30:01
CWE-120
web.nvd.nist.gov
1

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.7%

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka “IIS FTP Service RCE and DoS Vulnerability.”

Affected configurations

NVD
Node
microsoftinternet_information_serverRange5.06.0
AND
microsoftwindows_2000Match-sp4
OR
microsoftwindows_server_2003Match-sp2itanium
OR
microsoftwindows_server_2003Match-sp2x64
OR
microsoftwindows_xpMatch-sp2
OR
microsoftwindows_xpMatch-sp2professionalx64
OR
microsoftwindows_xpMatch-sp3
Node
microsoftwindows_server_2008Match--itanium
OR
microsoftwindows_server_2008Match--x64
OR
microsoftwindows_server_2008Match--x86
OR
microsoftwindows_server_2008Match-sp2itanium
OR
microsoftwindows_server_2008Match-sp2x86
OR
microsoftwindows_server_2008Match-sp2-x86
OR
microsoftwindows_vistaMatch--
OR
microsoftwindows_vistaMatch-x64
OR
microsoftwindows_vistaMatch-sp1-
OR
microsoftwindows_vistaMatch-sp1-x64
OR
microsoftwindows_vistaMatch-sp2
OR
microsoftwindows_vistaMatch-sp2-x64

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

7.3 High

AI Score

Confidence

Low

0.97 High

EPSS

Percentile

99.7%