Vulnerabilities > Microsoft > Internet Information Services > 7.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-12-23 | CVE-2010-3972 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Information Services 7.5 Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. | 10.0 |
| 2010-09-15 | CVE-2010-2730 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Information Services 7.5 Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'FastCGI is not enabled by default in IIS.' | 9.3 |
| 2010-09-15 | CVE-2010-1899 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." Per: http://www.microsoft.com/technet/security/Bulletin/MS10-065.mspx 'ASP pages are prohibited by default on IIS 6.0. | 4.3 |