Vulnerability Description
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Services | 7.5 |
Related Weaknesses (CWE)
References
- http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-i
- http://secunia.com/advisories/42713Vendor Advisory
- http://www.exploit-db.com/exploits/15803Exploit
- http://www.kb.cert.org/vuls/id/842372US Government Resource
- http://www.securityfocus.com/bid/45542Exploit
- http://www.securitytracker.com/id?1024921
- http://www.vupen.com/english/advisories/2010/3305Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/64248
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-i
- http://secunia.com/advisories/42713Vendor Advisory
- http://www.exploit-db.com/exploits/15803Exploit
- http://www.kb.cert.org/vuls/id/842372US Government Resource
- http://www.securityfocus.com/bid/45542Exploit
FAQ
What is CVE-2010-3972?
CVE-2010-3972 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote ...
How severe is CVE-2010-3972?
CVE-2010-3972 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3972?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Services.