Microsoft IIS5 and IIS6 FTP Exploit 0day

Tuesday, September 1, 2009

Microsoft on Monday said it is looking into a report of a flaw in some versions of its Internet Information Services product that could allow an attacker to gain control of a system.

In a statement, a Microsoft representative said the company "is investigating new public claims of a possible vulnerability in IIS 5 and IIS 6 File Transfer Protocol (FTP)."

Microsoft said it is not aware of any attacks using the vulnerability. "We will take steps to determine how customers can protect themselves, should we confirm the vulnerability."

This exploit triggers a large SITE command and can easily be detected.

If you want to detect the attack with Snort you can download the rule from ET.

The IIS FTPD Exploit can be found here


  © Blogger templates Newspaper by 2008

Back to TOP