Microsoft confirms IIS zero-day flaw; Exploit code published
- September 2nd, 2009
- Posted in News
- Write comment
Vulnerability summary
The vulnerability is a stack overflow in the FTP service when listing a long, specially-crafted directory name. To be vulnerable, an FTP server would need to grant untrusted users access to log into and create that long, specially-drafted directory. If an attacker were able to successfully exploit this vulnerability, they could execute code in the context of LocalSystem, the service under which the FTP service runs.
Configurations at risk
The vulnerable code is in IIS 5.0 (Windows 2000), IIS 5.1 (Windows XP) and IIS 6.0 (Windows Server 2003). IIS 7.0 (Windows Vista, Windows Server 2008) is not vulnerable. IIS 6 is at reduced risk because it was built with /GS which help protect the service from exploits by deliberately terminating itself when the overflow is detected before attacker’s code runs. We have not seen exploit code for this vulnerability that is able to bypass the /GS protection.
Also, remember that only servers that allow untrusted users to log on and create arbitrary directories are vulnerable.
Read More
Exploit
No comments yet.