CVSS: 10.0EPSS: 96%CPEs: 1EXPL: 3CVE-2010-3972 – Microsoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2010-3972
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. La función TELNET_STREAM_CONTEXT::OnSendData en el manejador de protocolo FTP (ftpsvc.dll) para Microsoft Internet Information Services (IIS) v7.5 permite a atacantes remoso causar una denegación de servicio (caída) y probablemente ejecutar código de su elección a través de peticiones FTP manipuladas que provocan una corrupción de memoria. NOTA: algunos de estos detalles se han obtenido de información de terceros. • https://www.exploit-db.com/exploits/15803 http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx http://secunia.com/advisories/42713 http://www.exploit-db.com/exploits/15803 http://www.kb.cert.org/vuls/id/842372 http://www.securityfocus.com/bid/45542 http://www.securitytracker.com/id?1024921 http://www.vupen.com/english/advisories/2010/3305 https://docs.microsoft.com/en-us/security-updates/securit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 24%CPEs: 1EXPL: 0CVE-2010-2730
https://notcve.org/view.php?id=CVE-2010-2730
Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Desbordamiento de buffer en Microsoft Internet Information Services (IIS) v7.5, cuando está habilitado FastCGI, permite a los atacantes remotos ejecutar código a su elección a través de cabeceras manipuladas en una petición, también conocido como "Request Header Buffer Overflow Vulnerability". • https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6933 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 97%CPEs: 2EXPL: 1CVE-2010-1899 – Microsoft IIS 6.0 - ASP Stack Overflow Stack Exhaustion (Denial of Service) (MS10-065)
https://notcve.org/view.php?id=CVE-2010-1899
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." Vulnerabilidad de consumo en la pila en la aplicación ASP de Microsoft Internet Information Services (IIS) v5.1, v6.0, v7.0, y v7.5 permite a atacantes remotos causar una denegación de servicio (parada de demonio) a través de peticiones manipuladas, relacionadas con asp.dll, también conocido como "IIS Repeated Parameter Request Denial of Service Vulnerability". The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. Required is that Active Server Pages are hosted by the IIS and that an ASP script reads out a Post Form value. • https://www.exploit-db.com/exploits/15167 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-065 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7127 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •