Threat Level: green Handler on Duty: Richard Porter

SANS ISC InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Microsoft IIS 5/6 FTP 0Day released

Published: 2009-08-31
Last Updated: 2009-09-02 03:04:22 UTC
by Pedro Bueno (Version: 2)
2 comment(s)


We are aware of a new 0-day exploit that was posted on Milw0rm today.

According the exploit, it was suppose to work on both IIS 5.0 and 6.0, on the FTP module.

Also according it, it affects IIS 6.0 with stack cookie protection.

The latest on this is that HDMoore is porting it to the MetaSploit framework.

We will update this diary with more info as we get it.

UPDATE4: Microsoft released its advisory on IIS vulnerability and 0day. Seems that IIS 5.0, 5.1 and 6.0 are affected, running on WIndows 2000, XP and 2003. Read more here:

UPDATE3: SourceFire Blog about it

UPDATE2: US-CERT released an advisory on it:

UPDATE: Emerging Threats have released a signature for the milw0rm IIS-FTP
exploit. It's available in the signature tarballs and a history is available in CVS:


Handler on Duty: Pedro Bueno (pbueno /%%/ isc. sans. org)


2 comment(s)
Diary Archives