CVE-2009-3023

Microsoft IIS 5.0 FTP Server (Windows 2000 SP4) - Remote Stack Overflow

Severity Score

9.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."

Un desbordamiento de búfer en el Servicio FTP en Internet Information Services (IIS) de Microsoft versiones 5.0 hasta 6.0, permite a los usuarios autenticados remotos ejecutar código arbitrario por medio de un comando NLST (LISTA DE NOMBRES) diseñado que utiliza comodines, conllevando a la corrupción de memoria, también se conoce como "IIS FTP Service RCE and DoS Vulnerability".

*Credits: N/A

CVSS Scores

NISTv2 9.0

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2009-08-31 CVE Reserved
2009-08-31 CVE Published
2009-08-31 First Exploit
2024-08-07 CVE Updated
2024-11-24 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (13)

URL	Tag	Source
http://www.kb.cert.org/vuls/id/276653	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-286A.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/2481	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6080	Signature
-

URL	Date	SRC
https://www.exploit-db.com/exploits/9559	2009-09-01
https://www.exploit-db.com/exploits/9541	2009-08-31
https://www.exploit-db.com/exploits/16740	2010-11-12
http://www.exploit-db.com/exploits/9541	2024-08-07
http://www.exploit-db.com/exploits/9559	2024-08-07
http://www.securityfocus.com/bid/36189	2024-08-07

URL	Date	SRC
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053	2023-11-07

URL	Date	SRC
http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191	2023-11-07

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"	Internet Information Server Search vendor "Microsoft" for product "Internet Information Server"	>= 5.0 <= 6.0 Search vendor "Microsoft" for product "Internet Information Server" and version " >= 5.0 <= 6.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows 2000 Search vendor "Microsoft" for product "Windows 2000"	-	sp4	Safe
Microsoft Search vendor "Microsoft"	Internet Information Server Search vendor "Microsoft" for product "Internet Information Server"	>= 5.0 <= 6.0 Search vendor "Microsoft" for product "Internet Information Server" and version " >= 5.0 <= 6.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	-	sp2, itanium	Safe
Microsoft Search vendor "Microsoft"	Internet Information Server Search vendor "Microsoft" for product "Internet Information Server"	>= 5.0 <= 6.0 Search vendor "Microsoft" for product "Internet Information Server" and version " >= 5.0 <= 6.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Server 2003 Search vendor "Microsoft" for product "Windows Server 2003"	-	sp2, x64	Safe
Microsoft Search vendor "Microsoft"	Internet Information Server Search vendor "Microsoft" for product "Internet Information Server"	>= 5.0 <= 6.0 Search vendor "Microsoft" for product "Internet Information Server" and version " >= 5.0 <= 6.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2	Safe
Microsoft Search vendor "Microsoft"	Internet Information Server Search vendor "Microsoft" for product "Internet Information Server"	>= 5.0 <= 6.0 Search vendor "Microsoft" for product "Internet Information Server" and version " >= 5.0 <= 6.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp2, professional, x64	Safe
Microsoft Search vendor "Microsoft"	Internet Information Server Search vendor "Microsoft" for product "Internet Information Server"	>= 5.0 <= 6.0 Search vendor "Microsoft" for product "Internet Information Server" and version " >= 5.0 <= 6.0"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Xp Search vendor "Microsoft" for product "Windows Xp"	-	sp3	Safe
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		itanium		Safe
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		x64		Safe
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		x86		Safe
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2, itanium		Safe
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2, x86		Safe
Microsoft Search vendor "Microsoft"		Windows Server 2008 Search vendor "Microsoft" for product "Windows Server 2008"				-		sp2, x86		Safe
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		-		Safe
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		x64		Safe
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp1		Safe
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp1, x64		Safe
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp2		Safe
Microsoft Search vendor "Microsoft"		Windows Vista Search vendor "Microsoft" for product "Windows Vista"				-		sp2, x64		Safe