Microsoft IIS FTP Server Encoded Response Overflow Trigger

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft IIS FTP Server Encoded Response Overflow Trigger', 'Description' = %q This module triggers a heap overflow when processing a specially...

MS11-004: Vulnerability in Internet Information Services (IIS) FTP service could allow remote code execution

MS11-004: Vulnerability in Internet Information Services IIS FTP service could allow remote code execution INTRODUCTION Microsoft has released security bulletin MS11-004. To view the complete security bulletin, visit one of the following Microsoft websites: Home users:...

MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)

The IIS FTP service running on the remote host has a heap-based buffer overflow vulnerability. The 'TELNETSTREAMCONTEXT::OnSendData' function fails to properly sanitize user input, resulting in a buffer overflow. An unauthenticated, remote attacker can exploit this to execute arbitrary code. C...

Microsoft IIS FTP Server Encoded Response Overflow Trigger

This module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC 0xff bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth and may in fact be exploitable for...