CVE-2009-3023
EXPLOITED
Microsoft Internet Information Server < 6.0 - Buffer Overflow
Title source: ruleDescription
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
Exploits (4)
metasploit
WORKING POC
GREAT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/ftp/ms09_053_ftpd_nlst.rb
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16740
exploitdb
WORKING POC
VERIFIED
by kingcope · perl · remote · windows
https://www.exploit-db.com/exploits/9541
References (9)
Scores
EPSS
0.7722
EPSS Percentile
98.9%
Exploitation Intel
VulnCheck KEV
2009-10-19
Classification
CWE
CWE-120
Status
draft
Affected Products (1)
microsoft/internet_information_server
< 6.0
Timeline
Published
Aug 31, 2009
Tracked Since
Feb 18, 2026