Microsoft IIS FTPd Remote Buffer Overflow Vulnerability
Severity: CRITICAL
CVE Identifier: CVE-2009-3023
Advisory Date: JUL 21, 2015
DESCRIPTION
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
PATCH: http://www.microsoft.com/technet/security/Bulletin/MS09-053.mspx
Trend Micro Deep Security DPI Rule Number: 1003698
Trend Micro Deep Security DPI Rule Name: 1003698 - Microsoft IIS FTPd Remote Buffer Overflow Vulnerability
AFFECTED SOFTWARE AND VERSION
- Microsoft IIS 6.0
- Microsoft IIS 5.0