Friday, September 04, 2009

Microsoft IIS 5.0/6.0 FTP Server (Stack Exhaustion) Denial of Service

There is a DoS vulnerability in the globbing functionality of IIS FTPD.
Anonymous users can exploit this if they have read access to a directory!!!
Normal users can exploit this too if they can read a directory.

This is the steps how to exploit it:
http://www.milw0rm.com/exploits/9587

No comments: