Revision Note: V2.0 (September 3, 2009): Advisory revised to add CVE-2009-2521 and to provide more information on affected software, mitigations, and workarounds. Advisory Summary:Microsoft is investigating new public reports of vulnerabilities in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. The vulnerabilities could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.0, IIS 5.1, IIS 6.0 or IIS 7.0.
More...