Monday, August 31, 2009 3:50 PM
cmosby
Microsoft IIS 5/6 FTP 0Day released – SANS Internet Storm Center
digg_url = 'http://isc.sans.org/diary.html?storyid=7039&rss';
digg_title = 'Microsoft IIS 5/6 FTP 0Day released';
digg_skin='compact';
digg_topic = 'security';
We are aware of an new 0-day exploit that was posted on Milw0rm today.
According the exploit, it was suppose to work on both IIS 5.0 and 6.0, on the FTP module.
Also according it, it affects IIS 6.0 with stack cookie protection.
The latest on this is that HDMoore is porting it to the MetaSploit framework.
We will update this diary with more info as we get it.
---------------------------------------------------------------
Handler on Duty: Pedro Bueno (pbueno /%%/ isc. sans. org)