MS11-004 MS11-004 - Important: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256)
Important2011-02-08 Bulletin Severity Rating:Important - This security update resolves a publicly disclosed vulnerability in Microsoft Internet Information Services (IIS) FTP Service. The vulnerability could allow remote code execution if an FTP server receives a specially crafted FTP command. FTP Service is not installed by default on IIS.
Bulletin details at Microsoft.com
Bulletin details at Microsoft.com
Related CVE Entries
CVE-2010-3972
Public exploit
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
Max CVSS
10.0
EPSS Score
96.84%
Published
2010-12-23
Updated
2021-02-05