Release DateSep 08, 2009 |
Severityhigh |
ImpactDenial of Service: Remote attackers can crash vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit a DoS vulnerability in Microsoft windows IIS server.The Microsoft IIS FTP service crashes due to stack exhaustion when handling crafted NLST command. Remote attackers could exploit this to cause denial of service on the IIS server. |
Affected ProductsMicrosoft Internet Information Services 5.0Microsoft Internet Information Services 5.1 Microsoft Internet Information Services 6.0 Microsoft Internet Information Services 7.0 |
Recommended ActionsApply the suggested workaround from Microsoft.http://www.microsoft.com/technet/security/advisory/975191.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2009-2521 |
Reference/shttp://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.htmlhttp://www.milw0rm.com/exploits/9587 |