CVE-2010-3972

CVE Database · CVE-2010-3972

CVE-2010-3972

· N/AModified

CVSS v3.1

N/A

EPSS

94.53%

Published

Dec 23, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft IIS 7.5 (Windows 7) - FTPSVC Unauthorized Remote Denial of Service (PoC)TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

Weaknesses (CWE)

CWE-119

Affected Products (1)

microsoft · internet_information_servicesvulnerable

References (20)

http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx

http://secunia.com/advisories/42713

Vendor Advisory

http://www.exploit-db.com/exploits/15803

Exploit

http://www.kb.cert.org/vuls/id/842372

US Government Resource