CVE-2009-3023

Опубликовано: 31 авг. 2009

Источник: nvd

CVSS2: 9

EPSS Высокий

Описание

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

Ссылки

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
http://www.exploit-db.com/exploits/9541
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/9559
Exploit
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/276653
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/36189
Exploit
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/2481
Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080
Third Party Advisory
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191
http://www.exploit-db.com/exploits/9541
Exploit
Third Party Advisory
VDB Entry
http://www.exploit-db.com/exploits/9559
Exploit
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/276653
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/36189
Exploit
Third Party Advisory
VDB Entry
http://www.us-cert.gov/cas/techalerts/TA09-286A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/2481
Third Party Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053
Patch
Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 6.0 (включая)

Одно из

cpe:2.3:o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:professional:*:x64:*

cpe:2.3:o:microsoft:windows_xp:-:sp3:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x64:*

cpe:2.3:o:microsoft:windows_server_2008:-:*:*:*:-:*:x86:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:-:*:x86:*

cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:-:*

cpe:2.3:o:microsoft:windows_vista:-:*:*:*:*:*:x64:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:*:*:-:*

cpe:2.3:o:microsoft:windows_vista:-:sp1:*:*:-:*:x64:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:-:*:x64:*

EPSS

Процентиль: 99%

0.77219

Высокий

9 Critical

CVSS2

Дефекты

CWE-120

Связанные уязвимости

GHSA-ww4p-6452-jmh8

github

почти 4 года назад

BDU:2015-10406

fstec

больше 16 лет назад

Уязвимость программного пакета Internet Informatiom Services, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

BDU:2015-10405