Multiple vulnerabilities in Microsoft Internet Information Services

Posted: November 16, 2012 in Vulnerabilities
Tags: ,

Vulnerability

Vulnerabilities in Microsoft IIS

Vulnerability: Multiple vulnerabilities in Microsoft Internet Information Services (IIS)

Danger: Low
Patch: Yes
Number of vulnerabilities: 2
CVE ID: CVE-2012-2531
CVE-2012-2532

Vector of operation: Remote
Impact: Disclosure of sensitive data

Affected Products: Microsoft Internet Information Services (IIS) 7.x

Affected versions: Microsoft Internet Information Services (IIS) 7.x

Description:

Which can be exploited by malicious people to disclose sensitive data on the target system.

1. The vulnerability is caused due to insufficient access restrictions to certain log files. This can be open-minded people cheating accounts.

Note: Successful exploitation № 1 functional Operational log for IIS must be enabled (disabled by default).

2. An error in the IIS FTP service when communicating with encrypted communication channels. This can be exploited by certain FTP commands to reveal important data on the target system.

Manufacturer URL: http://www.microsoft.com/

Solution: To resolve the vulnerability patch from the manufacturer.

Links:

MS12-073: Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Information Disclosure (2733829)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s