PT-2012-1216 · Microsoft · Internet Information Services

Published: 2012-11-13 · Updated: 2021-02-05 · CVE-2012-2532

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Microsoft FTP Service versions 7.0 through 7.5 for Internet Information Services (IIS)

Description

The issue is related to the processing of unspecified commands before TLS is enabled for a session, allowing remote attackers to obtain sensitive information by reading the replies to these commands. It is also described as an error in data exchange via the FTP protocol, which can be exploited by a remote attacker to gain unauthorized access to protected information using specially crafted FTP commands.

Recommendations

For Microsoft FTP Service versions 7.0 through 7.5, consider disabling the FTP service until a patch is available to prevent exploitation. Restrict access to the FTP module to minimize the risk of unauthorized access to sensitive information.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-02390
CVE-2012-2532

Affected Products

Internet Information Services
Ftp Service