Vulnerability Details : CVE-2010-3972
Public exploit exists!
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowExecute codeDenial of service
Threat overview for CVE-2010-3972
Top countries where our scanners detected CVE-2010-3972
Top open port discovered on systems with this issue
80
IPs affected by CVE-2010-3972 981,671
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2010-3972!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2010-3972
Probability of exploitation activity in the next 30 days: 96.84%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2010-3972
-
Microsoft IIS FTP Server Encoded Response Overflow Trigger
Disclosure Date: 2010-12-21First seen: 2020-04-26auxiliary/dos/windows/ftp/iis75_ftpd_iac_bofThis module triggers a heap overflow when processing a specially crafted FTP request containing Telnet IAC (0xff) bytes. When constructing the response, the Microsoft IIS FTP Service overflows the heap buffer with 0xff bytes. This issue can be triggered pre-auth a
CVSS scores for CVE-2010-3972
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2010-3972
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-3972
-
http://www.kb.cert.org/vuls/id/842372
VU#842372 - Microsoft IIS FTP server memory corruption vulnerabilityUS Government Resource
-
http://www.securityfocus.com/bid/45542
Microsoft IIS FTP Service Remote Buffer Overflow VulnerabilityExploit
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12370
Repository / Oval Repository
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-004
Microsoft Security Bulletin MS11-004 - Important | Microsoft Docs
-
http://www.exploit-db.com/exploits/15803
Microsoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC) - Windows dos ExploitExploit
-
http://www.securitytracker.com/id?1024921
Microsoft IIS FTP Server Lets Remote Users Deny Service - SecurityTracker
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/64248
Microsoft Internet Information Services TELNET_STREAM_CONTEXT::OnSendData buffer overflow CVE-2010-3972 Vulnerability Report
-
http://www.vupen.com/english/advisories/2010/3305
Webmail | OVH- OVHVendor Advisory
-
http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
Assessing the risk of public issues currently being tracked by the MSRC – Microsoft Security Response Center
Products affected by CVE-2010-3972
- cpe:2.3:a:microsoft:internet_information_services:7.5:*:*:*:*:*:*:*