Site icon Liquidmatrix Security Digest

IIS5&6 FTP Stack Overflow Zeroday

This Monday continues to get weirder by the minute. Well, in keeping with that here is a zeroday that just made it on to the Full Disclosure mailing list.

Microsoft Internet Information Server 5.0/6.0
FTP Server Remote Stack Based Overrun
# IIS 5.0 FTPd / Remote r00t exploit
# Win2k SP4 targets
# bug found & exploited by Kingcope, kcope2googlemail.com
# Affects IIS6 with stack cookie protection
# August 2009 – KEEP THIS 0DAY PRIV8
use IO::Socket;

The full exploit is posted to the site as a PDF file and for those that are unsure here is the VirusTotal scan of the file. Bearing in mind that this is by no means a guarantee of its safety.

Article Link

[UPDATE]: Microsoft released a workaround for this problem today (Sept. 1, 2009)

[tags]IIS5 Exploit, IIS6 Exploit, Zeroday, 0day, Stack Overflow[/tags]

Exit mobile version