Test ID:	1.3.6.1.4.1.25623.1.0.802440
Category:	Windows : Microsoft Bulletins
Title:	Microsoft IIS FTP Server 'Malformed FTP List Request' DOS Vulnerability
Summary:	This host is missing important security update according to; Microsoft Bulletin MS99-033.
Description:	Summary: This host is missing important security update according to Microsoft Bulletin MS99-033. Vulnerability Insight: The FTP service in IIS has an unchecked buffer in a component that processes 'list' commands. A constructed 'list' request could cause arbitrary code to execute on the server via a classic buffer overrun technique. Vulnerability Impact: Successful exploitation will allow remote users to crash the application leading to denial of service condition or execute arbitrary code. Affected Software/OS: Microsoft Internet Information Services version 3.0 and 4.0. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-1999-0349 Bugtraq: Jan27,1999 (Google Search) eEye Security Advisory: IIS Remote FTP Exploit/DoS Attack http://www.eeye.com/html/Research/Advisories/IIS%20Remote%20FTP%20Exploit/DoS%20Attack.html Microsoft Security Bulletin: MS99-003 https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-003 Microsoft Knowledge Base article: Q188348 http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348 XForce ISS Database: iis-remote-ftp
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.