Vulnerability in Internet Information Services FTP Service Could Allow for Remote Code Execution

Microsoft Internet Information Server (IIS) FTP server NLST stack buffer overflow

Microsoft Security Advisory (975191) and Vulnerability Note VU#276653

While there are no patches yet and likely none for the next patch Tuesday to fix this flaw, there are some things you can do to decrease the likelihood of being exploited. The first and most important thing you can do is disable anonymous FTP. For servers that allow anonymous file uploads, the attacker would typically be unauthenticated and thus unrestricted. You should also prevent creation of new directories using NTFS ACLs and you should also prevent anonymous users from writing via IIS settings. To detect the attacks you can find snort rules available already at http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-09-01.html.

The exploit, discovered by Kingcope, is in the wild currently and is available at milw0rm.

September 3, 2009 – 2:02 pm | By spyder | Posted in General | Comments (0)

No Comments

Post a Comment

Gallery Additions
Popular Video
- Undetected COD4 Hack & Aimbot - CALLOFDUTYHACKS.COM September 7, 2010
  Undetected COD4 Hack & Aimbot Get It Here - CALLOFDUTYHACKS.COM Ranked 1.00 / 5 | 5 views | 0 comments Click here to watch the video (05:11) Submitted By: XFPSHACKSX Tags: Call Of Duty Aimbot Call Of Duty 4 Cod Hacks Categories: Video Games […]
- Battlefield Full Colection Free Full Download Mediafire Links 100% Working September 7, 2010
  Download the Mediafire Links from http://fileml.com/11E6874 WITH NO SPEED LIMIT!! 1.battlefield 2 2.battlefield 1942 3.Battlefield 1942:The road to rome 4.battlefield 2142 If there is any dead links,errors or request to upload on other links, feel free to msg me. if the links helps you,please rate or comment this video for more downloads,go http://fullfreepc […]
- Wild Ones - Latest Hack and Free Ammo Refill to 99 September 7, 2010
  http://www.facecheat.com Check out our late and Undected Cheat tool for wild ones by playdom.<br />we bring you the wild ones pro trainer v2 featuring wild ones coins, premium credits and replenish ammo to 99. Ranked 2.32 / 5 | 32 views | 0 comments Click here to watch the video (02:04) Submitted By: Gavin Jarvis Tags: Wild Ones Wild Ones Cheat Wild On […]

WIRED
- Intel Hedges Bets With $8 Billion Acquisition Of McAfee August 19, 2010
  Intel, one of the most hardware-centric companies in technology, placed a massive bid to purchase McAfee on Thursday for $7.68 billion in cash. The acquisition is chipmaker’s biggest to date, and represents a big, diversifying bet that the future of computing is in software and services. […]
  Eliot Van Buskirk
Slashdot
Hack-a-day
- Snake bot climbs trees September 6, 2010
  While you are out enjoying your Labor Day festivities, keep an eye out for robot snakes in the trees. The CMU robotics lab has built a snake bot named Uncle Sam that can climb trees and poles. As you can see in the video after the break, the bot seems to have no problem at […]
  Caleb Kraft

SpydersWorld