CVE-2010-3972

Microsoft Internet Information Services FTP Service 7.0-7.5 - Remote Code Execution via Crafted FTP Command

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-3972. PoCs published by Matthew Bergin, Matthew Bergin, jduck, including Metasploit module auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.

AI-analyzed exploit summary This exploit triggers a denial-of-service (DoS) condition in Windows 7 IIS 7.5 by sending a malformed FTP command with an overly long buffer. The payload consists of repeated bytes designed to crash the FTPSVC service.

Description

Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Matthew Bergin · pythondoswindows
https://www.exploit-db.com/exploits/15803

This exploit triggers a denial-of-service (DoS) condition in Windows 7 IIS 7.5 by sending a malformed FTP command with an overly long buffer. The payload consists of repeated bytes designed to crash the FTPSVC service.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Microsoft IIS 7.5 on Windows 7 (v6.1 build 7600)
No auth needed
Prerequisites: Network access to the target FTP service
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC
by Matthew Bergin, jduck · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/ftp/iis75_ftpd_iac_bof.rb

This Metasploit module exploits a heap overflow in Microsoft IIS FTP Server by sending a crafted FTP request with Telnet IAC bytes, leading to a denial-of-service (DoS) condition. The vulnerability (CVE-2010-3972) is triggered pre-authentication and may be exploitable for remote code execution.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Microsoft IIS FTP Server 7.5
No auth needed
Prerequisites: Network access to the target FTP server (port 21)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45542
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/64248
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/842372
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1024921
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12370
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3305
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15803
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42713

Scores

EPSS 0.9169
EPSS Percentile 99.7%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/internet_information_services 7.5
Published Dec 23, 2010
Tracked Since Feb 18, 2026