CVE-2012-2532

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability."
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:microsoft:ftp_service:7.0:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:microsoft:ftp_service:7.5:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*
cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*

History

21 Nov 2024, 01:39

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/56440 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/56440 - Third Party Advisory, VDB Entry
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786 - Third Party Advisory () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786 - Third Party Advisory

Information

Published : 2012-11-14 00:55

Updated : 2024-11-21 01:39


NVD link : CVE-2012-2532

Mitre link : CVE-2012-2532

CVE.ORG link : CVE-2012-2532


JSON object : View

Products Affected

microsoft

  • windows_vista
  • windows_server_2008
  • ftp_service
  • windows_7
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor