PT-2009-1107 · Microsoft · Internet Information Services

Kingcope · Published 2009-08-31 · Updated 2021-02-05 · CVE-2009-3023

CVSS v2.0: 9.0 High

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Internet Information Services (IIS) versions 5.0 through 6.0

Description

The issue is related to a buffer overflow in the FTP Service of Microsoft Internet Information Services (IIS). This occurs when handling a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption. The vulnerability can be exploited by remote authenticated users to execute arbitrary code or cause a denial of service. The problem arises from the way the ftpsvc2.dll module processes directory paths, specifically when handling the parent directory symbol (..) and the wildcard symbol (*), which can result in the doubling of the resulting directory path and the overflow of a limited-size stack buffer (260 bytes).

Recommendations

For Microsoft Internet Information Services (IIS) versions 5.0 through 6.0, consider disabling the FTP Service until a patch is available to prevent potential exploitation. Restrict access to the ftpsvc2.dll module to minimize the risk of exploitation. Avoid using the NLST command with wildcards in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
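
The following is an added example, not part of this advisory or of any vendor code: a Python check that reviews captured FTP command lines for NLST arguments matching the pattern in the description (a wildcard combined with a parent-directory segment, or a wildcard argument long enough to matter against the 260-byte buffer). The function names, the 2x length estimate and the sample lines are assumptions constructed for illustration.

```python
import re

STACK_BUF = 260  # stack buffer size stated in the description

# Matches an FTP NLST command line and captures its (possibly empty) argument.
NLST_RE = re.compile(r"^\s*NLST(?:\s+(?P<arg>.*?))?\s*$", re.IGNORECASE)


def inspect_command(line):
    """Return the reasons an FTP command line deserves review (empty if none)."""
    m = NLST_RE.match(line)
    if not m:
        return []  # only NLST is in scope for this check
    arg = m.group("arg") or ""
    segments = re.split(r"[\\/]", arg)  # accept both path separators
    has_wild = "*" in arg
    has_parent = ".." in segments
    reasons = []
    if has_wild and has_parent:
        reasons.append("wildcard with parent-directory segment")
    # Assumption: model the "doubling" of the path as 2 * argument length.
    if has_wild and 2 * len(arg.encode()) > STACK_BUF:
        reasons.append("doubled path would exceed %d bytes" % STACK_BUF)
    return reasons


def scan(lines):
    """Return (line number, line, reasons) for every flagged command."""
    return [(n, line, r) for n, line in enumerate(lines, 1)
            if (r := inspect_command(line))]


# Constructed sample of client commands, e.g. taken from a proxy or IDS capture.
SAMPLE = [
    "USER anonymous",
    "NLST",
    "NLST *.txt",
    "nlst ../*",
    "NLST " + "reports/" * 20 + "*.csv",
    "LIST ../*",
]

if __name__ == "__main__":
    for n, line, reasons in scan(SAMPLE):
        print(n, line[:40], reasons)
```

The check only narrows down which sessions to review; it does not confirm that a server was affected.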

Exploit · RCE · DoS · Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2015-10405
BDU:2015-10406
CVE-2009-3023

Affected Products

Internet Information Services