5 matches found
Microsoft IIS FTPd服务NLST命令远程栈溢出漏洞(MS09-053)
BUGTRAQ ID: 36189 CVE ID: CVE-2009-3023 Microsoft Internet信息服务(IIS)是Microsoft Windows自带的一个网络信息服务器,其中包含HTTP服务功能。 Microsoft IIS内嵌的FTP服务器中存在栈溢出漏洞。如果远程攻击者对带有特制名称的目录发布了包含有通配符的FTP NLST(NAME LIST)命令的话,就可以触发这个溢出,导致拒绝服务或执行任意代码。仅在攻击者拥有写访问权限的情况下才可以创建带有特殊名称的目录。 Microsoft IIS 6.0 Microsoft IIS 5.1 Microsoft I...
MS09-053: Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)
The remote host has a version of IIS whose FTP service is affected by one or both of the following vulnerabilities : - By sending specially crafted list commands to the remote Microsoft FTP service, an attacker is able to cause the service to become unresponsive. CVE-2009-2521 - A flaw in the way...
Immunity Canvas: IISFTP_NLST
Name| iisftpnlst ---|--- CVE| CVE-2009-3023 Exploit Pack| CANVAS Description| IISFTPNLST Notes| CVE Name: CVE-2009-3023 VENDOR: Microsoft References: http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070467.html CVE Url: https://vulners.com/cve/CVE-2009-3023 Date public: 08/31/09 CVS...
CVE-2009-3023
CVE-2009-3023 is the IIS FTP Service NLST command remote buffer overflow in Microsoft IIS FTP service (ftpsvc) affecting IIS 5.0–6.0. A crafted NLST with wildcards can overflow a stack buffer, enabling remote code execution (attack context can yield SYSTEM‑level code execution under affected setu...
CVE-2009-3023
creationtimestamp| type| source ---|---|--- 2009-08-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9541 2009-09-01 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/9559 2010-11-12 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16740 2018-05-29...