MS11-004  MS11-004 - Important: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)

Important2011-02-08 Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS.
Bulletin details at Microsoft.com

Related CVE Entries

CVE-2010-3972

Public exploit
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
96.84%
Published
2010-12-23
Updated
2021-02-05
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close