Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Internet Information Services Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability - CVE-2009-3023 - Vulnerability Database
Internet Information Services

Internet Information Services Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability - CVE-2009-3023

Critical
Reference: CVE-2009-3023
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-3023
Title: Internet Information Services Buffer Copy without Checking Size of Input (Classic Buffer Overflow) Vulnerability
Overview:

Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards leading to memory corruption aka quotIIS FTP Service RCE and DoS Vulnerability.quot