Microsoft · Internet Information Services · CVE-2010-3972
**Name of the Vulnerable Software and Affected Versions**
Microsoft FTP Service versions 7.0 through 7.5 for Internet Information Services (IIS) 7.0 and 7.5
**Description**
The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted FTP command. This is due to a heap-based buffer overflow in the `TELNET_STREAM_CONTEXT::OnSendData` function in ftpsvc.dll.
**Recommendations**
For Microsoft FTP Service versions 7.0 through 7.5, consider restricting access to the FTP service until a fix is available. As a temporary workaround, disabling the `TELNET_STREAM_CONTEXT::OnSendData` function may help mitigate the risk of exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.