Microsoft IIS 5/6 FTP 0Day released


We are aware of a new 0-day exploit that was posted on Milw0rm today.

According to the exploit, it is supposed to work on both IIS 5.0 and 6.0, on the FTP module.

Also according to it, it affects IIS 6.0 with stack cookie protection.

The latest on this is that HD Moore is porting it to the Metasploit Framework.

We will update this diary with more info as we get it.

UPDATE3: SourceFire Blog about it

UPDATE2: US-CERT released an advisory on it:

UPDATE: Emerging Threats have released a signature for the milw0rm IIS-FTP
exploit. It's available in the signature tarballs and a history is available in CVS:


Handler on Duty: Pedro Bueno (pbueno /%%/ isc. sans. org)



ISC Handler
Aug 31st 2009
It requires an account or anon to be enabled on the target, which somewhat limits the scope of this otherwise damaging bug.
MS released Security Advisory 975191 on the issue:
See also and for additional information from MS.
