Additional Information
Microsoft Internet Information Services (IIS) is a web server available for Microsoft Windows. The application is prone to a remote stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. The vulnerability occurs when handling specially crafted input to the application's FTP server. A 'NLST' (NAME LIST) command issued on a specially named directory can trigger this issue. An attacker can create such a directory if the FTP server is configured to allow write access to anonymous or other user accounts.
The attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
This issue affects the following:
IIS 5.0
IIS 5.1
IIS 6.0 (denial of service only)
IIS 7.0 (denial of service only)
Note that Microsoft IIS 7.0 with FTP Service 7.5 is not affected.
Other versions may also be affected.
NOTE: This issue cannot be exploited to execute arbitrary code on IIS 6.0 or 7.0.
NOTE (September 1, 2009): This issue can be exploited to execute arbitrary code with SYSTEM-level privileges on IIS 5.0.
NOTE (September 2, 2009): Some reports indicate that this issue could result in a crash even if an attacker doesn't have sufficient permissions to create a directory on the server. This occurs as long as an arbitrary directory whose name starts with the character(s) specified in the 'NLST' command resides on the server. The 'NLST' command would contain an excessive amount of string data along with the character(s) associated with the directory name. It's also possible to trigger a crash by simply supplying a '*' character along with the string values in the 'NLST' command.
UPDATE (September 8, 2009): This issue may be related to a vulnerability reported in 1999 affecting IIS 3 and IIS 4. We will update this BID as more details emerge.
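For detection, the conditions described in the notes above (an oversized directory name being created, or an 'NLST' argument carrying excessive string data, with or without a '*') can be checked in a capture of FTP control-channel commands. The following is an added example, not part of the original advisory or any vendor tooling; the 200-byte threshold, the function names and the sample lines are assumptions constructed for illustration.

```python
# Added example: flag FTP commands that match the advisory's description.
# Input is one raw control-channel command per line ("VERB SP argument").
MAX_ARG_LEN = 200  # assumed threshold, not from the advisory; tune per site

DIR_CREATE = {"MKD", "XMKD"}  # directory-creation verbs (RFC 959 / RFC 775)


def classify(line, max_arg_len=MAX_ARG_LEN):
    """Return a reason string if the command looks suspicious, else None."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    verb = verb.upper()  # FTP verbs are case-insensitive
    # Measure bytes, since the server copies bytes rather than characters.
    too_long = len(arg.encode("utf-8", "replace")) > max_arg_len
    if not too_long:
        return None
    if verb in DIR_CREATE:
        return "oversized directory name in " + verb
    if verb == "NLST":
        if "*" in arg:
            return "oversized NLST argument with wildcard"
        return "oversized NLST argument"
    return None


def scan(lines, max_arg_len=MAX_ARG_LEN):
    """Return (line_number, reason) for every flagged command."""
    hits = []
    for number, line in enumerate(lines, 1):
        reason = classify(line, max_arg_len)
        if reason:
            hits.append((number, reason))
    return hits


# Constructed sample session; not taken from any real log.
SAMPLE = [
    "USER anonymous",
    "MKD uploads",
    "NLST uploads",
    "MKD " + "D" * 300,
    "NLST " + "D" * 300,
    "NLST " + "x" * 250 + "*",
    "NLST *.txt",
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE):
        print(number, reason)
```

Short wildcard listings such as `NLST *.txt` are not flagged; only arguments over the threshold are reported.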
![Microsoft](http://coh.duckdns.org/ADMINMagazine/html/2012/09/084-089_metasploit/images/meta_fig2.png)
![Microsoft Ftp Service Exploit](https://www.exploit-db.com/screenshots/idlt15500/screen-shot-2010-10-29-at-125745-pm.png)
Microsoft IIS 5.0/6.0 FTP Server (Windows 2000) - Remote Stack Overflow. Remote exploit for Windows platform.