Multiple vulnerabilities in Microsoft Internet Information Services

Posted: November 16, 2012 in Vulnerabilities
Tags: Disclosure of sensitive data, Microsoft Internet Information Services

Vulnerabilities in Microsoft IIS

Vulnerability: Multiple vulnerabilities in Microsoft Internet Information Services (IIS)

Danger: Low
Patch: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2012-2531
CVE-2012-2532

Vector of operation: Remote
Impact: Disclosure of sensitive data

Affected Products: Microsoft Internet Information Services (IIS) 7.x

Affected versions: Microsoft Internet Information Services (IIS) 7.x

Description:

Which can be exploited by malicious people to disclose sensitive data on the target system.

1. The vulnerability is caused due to insufficient access restrictions to certain log files. This can be open-minded people cheating accounts.

Note: Successful exploitation № 1 functional Operational log for IIS must be enabled (disabled by default).

2. An error in the IIS FTP service when communicating with encrypted communication channels. This can be exploited by certain FTP commands to reveal important data on the target system.

Manufacturer URL: http://www.microsoft.com/

Solution: To resolve the vulnerability patch from the manufacturer.

Links:

MS12-073: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

MALWARELIST.net – Your Information Security Source

Security Solutions Deals

Follow Blog via Email

Top 5 Best Blog Posts

Categories

Find us on Facebook