5

CVE-2012-2532

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftFtp Service Version7.0
   MicrosoftWindows Server 2008 Updatesp2 HwPlatformx32
   MicrosoftWindows Server 2008 Updatesp2 HwPlatformx64
   MicrosoftWindows Vista Updatesp2 HwPlatformx64
   MicrosoftWindows Vista Version- Updatesp2
MicrosoftFtp Service Version7.5
   MicrosoftWindows 7 Version-
   MicrosoftWindows 7 Version- HwPlatformx64
   MicrosoftWindows 7 Version- Updatesp1
   MicrosoftWindows 7 Version- Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2008 Updatesp2 HwPlatformx32
   MicrosoftWindows Server 2008 Updatesp2 HwPlatformx64
   MicrosoftWindows Server 2008 Versionr2 HwPlatformx64
   MicrosoftWindows Server 2008 Versionr2 SwEditionitanium
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   MicrosoftWindows Server 2008 Versionr2 Updatesp1 SwEditionitanium
   MicrosoftWindows Vista Updatesp2 HwPlatformx64
   MicrosoftWindows Vista Version- Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 19.65% 0.952
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/56440
Third Party Advisory
VDB Entry