CVE-2012-2532

Microsoft FTP Service <7.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/56440

Scores

EPSS 0.4197
EPSS Percentile 98.5%

Details

CWE
CWE-200
Status published
Products (2)
microsoft/ftp_service 7.0
microsoft/ftp_service 7.5
Published Nov 14, 2012
Tracked Since Feb 18, 2026