CVE-1999-1544

Name of the Vulnerable Software and Affected Versions: Microsoft IIS versions 3.0 through 4.0

Description: A buffer overflow issue in the FTP server of Microsoft IIS allows attackers to cause a denial of service. This can be achieved by sending a long NLST (ls) command. The issue affects both local and sometimes remote attackers.

Recommendations: For Microsoft IIS versions 3.0 through 4.0, consider restricting access to the FTP server until a fix is available. As a temporary workaround, limit the length of input to the NLST command to prevent buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.