#VU2794 Improper input validation in Microsoft IIS
Vulnerability identifier: #VU2794
Vulnerability risk: High
CVSSv3.1: 6 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Vulnerable software:
Microsoft IIS
Server applications /
Web servers
Vendor: Microsoft
Description
The vulnerability allows a remote authenticated attacker to cause DoS conditions on the target system.
The weakness exists due to an error when processing recursive directory listing commands by the FTP Service. By sending a specially crafted LIST command containing wildcard characters, a remote attacker can trigger the FTP service to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Note: the vulnerability was being actively exploited.
Mitigation
Install update from vendor's website:
Microsoft Internet Information Services 5.0 on
Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=7fecd367-aaff-458b-91bc-8925c8e57528
Microsoft Internet Information Services 5.1 on
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=2ae0bdd4-f8b2-420a-b1ac-d2cdaa87c828
Microsoft Internet Information Services 6.0 on
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=819dd2d1-cad5-4784-9baf-185d8a76df5d
Microsoft Internet Information Services 6.0 on
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=48256ea3-b433-4e84-9019-22300069cfc1
Microsoft Internet Information Services 6.0 on
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=61bded07-201e-4815-ac1e-468bf907e063
Microsoft Internet Information Services 6.0 on
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=b99d4d9b-e0cc-4a8c-ad99-6a53958b37c8
Microsoft Internet Information Services 7.0 on
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=bb96eb1c-66a2-4276-9773-eea22179bcd4
Microsoft Internet Information Services 7.0 on
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=bce096c8-833b-45c8-99cd-1280f0744f2f
Microsoft Internet Information Services 7.0 on
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d9c5039f-d0cf-4d84-850f-f2f7701dcb79
Microsoft Internet Information Services 7.0 on
Windows Server 2008 for x64-based bit Systems and Windows Server 2008 for x64-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=db969ddc-708e-42b7-9956-6c27bf346bbb
Microsoft Internet Information Services 7.0 on
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=a221451a-cb4e-4a43-a225-4b1e86e87525
Vulnerable software versions
Microsoft IIS: 5.0 - 7.0
External links
http://technet.microsoft.com/en-us/library/security/ms09-053.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
