CVE-2010-3972

Name of the Vulnerable Software and Affected Versions Microsoft FTP Service versions 7.0 through 7.5 for Internet Information Services (IIS) 7.0 and 7.5

Description The issue allows remote attackers to execute arbitrary code or cause a denial of service via a crafted FTP command. This is due to a heap-based buffer overflow in the TELNET STREAM CONTEXT::OnSendData function in ftpsvc.dll.

Recommendations For Microsoft FTP Service versions 7.0 through 7.5, consider restricting access to the FTP service until a fix is available. As a temporary workaround, disabling the TELNET STREAM CONTEXT::OnSendData function may help mitigate the risk of exploitation. However, at the moment, there is no information about a newer version that contains a fix for this vulnerability.