| Last Updated Date | Sep 22, 2009 |
| Release Date | Sep 08, 2009 |
| Severity | High |
| Impact | Denial of Service: Remote attackers can crash vulnerable systems. |
| Description | This indicates an attack attempt to exploit a DoS vulnerability in Microsoft windows IIS server.
The Microsoft IIS FTP service crashes due to stack exhaustion when handling crafted NLST command. Remote attackers could exploit this to cause denial of service on the IIS server. |
| Affected Products | Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 5.1 Microsoft Internet Information Services 6.0 Microsoft Internet Information Services 7.0 |
| Recommended Actions | Apply the suggested workaround from Microsoft. http://www.microsoft.com/technet/security/advisory/975191.mspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2521
|
| Reference/s | http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html http://www.milw0rm.com/exploits/9587
|