MS11-004: Vulnerability in Internet Information Services (IIS) FTP Service Could Allow Remote Code Execution (2489256) (uncredentialed check)
Severity: Critical
Nessus Plugin ID: 51956
Synopsis
The FTP service running on the remote host has a memory corruption vulnerability.
Description
The IIS FTP service running on the remote host has a heap-based buffer overflow vulnerability. The 'TELNET_STREAM_CONTEXT::OnSendData' function fails to properly sanitize user input, resulting in a buffer overflow.
An unauthenticated, remote attacker can exploit this to execute arbitrary code.
Solution
Microsoft has released a set of patches for Windows Vista, 2008, 2008 R2, and 7.