Timeline :
Vulnerability & PoC disclosed on 2010-12-21 by Matthew Bergin
Vulnerability acknowledged on 2010-12-22 by Microsoft
Provided by:
Matthew Bergin
Reference(s) :
EDB-15803
CVE-2010-3972
MS11-004
Affected versions :
Windows Vista SP1 and Windows Vista SP2
Windows Vista x64 SP1 and Windows Vista x64 SP2
Windows Server 2008 32 and Windows Server 2008 32 SP2
Windows Server 2008 x64 and Windows Server 2008 x64 SP2
Windows 7 32
Windows 7 x64
Windows Server 2008 R2 x64
Tested on Windows 7 Integral
Description:
This is a Denial of Service vulnerability, and Microsoft says that remote code execution is unlikely (When a DoS isn't a DoS?). The vulnerability occurs when the FTP server attempts to encode Telnet IAC (Interpret As Command) characters in the FTP response.
IAC? :) Think about ProFTPD CVE-2010-3867
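Under RFC 854, a literal 0xFF data byte is sent as IAC IAC, so an encoded reply can be up to twice as long as its input. The C code below is an added example, not Microsoft's code and not part of the PoC shown in the video; it sizes the escaped output first and refuses to write when the destination is too small. The function names and the sample bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TELNET_IAC 0xFF /* RFC 854 "Interpret As Command" */

/* Bytes needed to hold src after escaping: every 0xFF is doubled. */
size_t iac_escaped_len(const uint8_t *src, size_t n)
{
    size_t need = n;
    for (size_t i = 0; i < n; i++)
        if (src[i] == TELNET_IAC)
            need++;
    return need;
}

/*
 * Escape src into dst (capacity cap). Returns the number of bytes
 * written, or (size_t)-1 when dst is too small. The size check runs
 * before any byte is written, so a rejected call leaves dst untouched.
 */
size_t iac_escape(uint8_t *dst, size_t cap, const uint8_t *src, size_t n)
{
    size_t need = iac_escaped_len(src, n);
    if (need > cap)
        return (size_t)-1;

    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        dst[o++] = src[i];
        if (src[i] == TELNET_IAC)
            dst[o++] = TELNET_IAC; /* IAC as data is sent as IAC IAC */
    }
    return o;
}

int main(void)
{
    /* Constructed sample: two IAC bytes inside a 4-byte payload. */
    const uint8_t in[] = { 'A', 0xFF, 0xFF, 'B' };
    uint8_t out[sizeof in]; /* sized for the raw input only: too small */

    size_t r = iac_escape(out, sizeof out, in, sizeof in);
    printf("need=%zu cap=%zu -> %s\n", iac_escaped_len(in, sizeof in),
           sizeof out, r == (size_t)-1 ? "rejected" : "encoded");
    return 0;
}
```

A destination buffer sized from the unescaped length is the case the check rejects; sizing it from `iac_escaped_len` (or from twice the input length) makes the call succeed.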
Demo
ifconfig
netstat -tan
ftp 192.168.178.45
python msiis7ftp.py 192.168.178.45 21