cvelistv5 - cve-2012-2532

CVE-2012-2532 (GCVE-0-2012-2532)

Vulnerability from cvelistv5

Published

2012-11-14 00:00

Modified

2024-08-06 19:34

Severity ?

CWE

Summary

References

URL

	Vendor	Product	Version
	n/a	n/a	Version: n/a

gsd-2012-2532

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-2532

Aliases

CVE-2012-2532

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2532",
    "description": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
    "id": "GSD-2012-2532"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2532"
      ],
      "details": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
      "id": "GSD-2012-2532",
      "modified": "2023-12-13T01:20:16.418498Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2012-2532",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "56440",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/56440"
          },
          {
            "name": "oval:org.mitre.oval:def:15786",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786"
          },
          {
            "name": "MS12-073",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:ftp_service:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:ftp_service:7.5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2012-2532"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "56440",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/56440"
            },
            {
              "name": "oval:org.mitre.oval:def:15786",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786"
            },
            {
              "name": "MS12-073",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2021-02-05T15:37Z",
      "publishedDate": "2012-11-14T00:55Z"
    }
  }
}

ghsa-28x5-qp9q-fqqf

Vulnerability from github

Published

2022-05-13 01:11

Modified

2022-05-13 01:11

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-2532"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-14T00:55:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
  "id": "GHSA-28x5-qp9q-fqqf",
  "modified": "2022-05-13T01:11:45Z",
  "published": "2022-05-13T01:11:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2532"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/56440"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability.". Microsoft IIS is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary commands with the privileges of the application; this may disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA12-318A Microsoft Updates for Multiple Vulnerabilities

Original release date: November 13, 2012 Last revised: --

Systems Affected

 * Microsoft Windows
 * Microsoft Office
 * Microsoft .NET Framework
 * Internet Explorer

Overview

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

References

Microsoft Security Bulletin Summary for November 2012 http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
Microsoft Windows Server Update Services http://technet.microsoft.com/en-us/wsus/default.aspx
Microsoft Update http://www.update.microsoft.com/
Microsoft Update Overview http://www.microsoft.com/security/updates/mu.aspx
Turn Automatic Updating On or Off http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off

Revision History

November 13, 2012: Initial release

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-318A Feedback VU#970852" in the subject.

Produced by US-CERT, a government organization.

This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy: http://www.us-cert.gov/privacy/

This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-318A.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR DRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/ GCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB tPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U lEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws sqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA== =/QVO -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0024",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ftp service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "7.5"
      },
      {
        "model": "ftp service",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "microsoft",
        "version": "7.0"
      },
      {
        "model": "ftp service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "7.0 for iis 7.0"
      },
      {
        "model": "ftp service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "7.5 for iis 7.0"
      },
      {
        "model": "ftp service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "7.5 for iis 7.5"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x32) sp1 before"
      },
      {
        "model": "windows 7",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp1 before"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x86) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(itanium) sp2"
      },
      {
        "model": "windows server 2008",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "r2(x64) sp2"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "(x64) sp2"
      },
      {
        "model": "windows vista",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "sp2"
      },
      {
        "model": "internet information server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "microsoft",
        "version": "7.5"
      },
      {
        "model": "windows vista service pack",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20"
      },
      {
        "model": "windows server r2 itanium sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server r2 itanium",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20080"
      },
      {
        "model": "windows server r2 for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server r2 for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "20080"
      },
      {
        "model": "windows server for x64-based systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows server for 32-bit systems sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "2008"
      },
      {
        "model": "windows for x64-based systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for x64-based systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "70"
      },
      {
        "model": "windows for 32-bit systems sp1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7"
      },
      {
        "model": "windows for 32-bit systems",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "70"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7.5"
      },
      {
        "model": "iis",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "56440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:microsoft:ftp_service",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_7",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_server_2008",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:microsoft:windows_vista",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "BID",
        "id": "56440"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-2532",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-2532",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-2532",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-2532",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201211-230",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\". Microsoft IIS is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. \nRemote attackers can exploit this issue to execute arbitrary commands with the privileges of the application; this may disclose sensitive information. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNational Cyber Awareness System\n\nUS-CERT Alert TA12-318A\nMicrosoft Updates for Multiple Vulnerabilities\n\nOriginal release date: November 13, 2012\nLast revised: --\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Office\n     * Microsoft .NET Framework\n     * Internet Explorer\n\n\nOverview\n\n   Select Microsoft software products contain multiple\n   vulnerabilities. Microsoft has released updates to address these\n   vulnerabilities. \n\n\nDescription\n\n   The Microsoft Security Bulletin Summary for November 2012 describes\n   multiple vulnerabilities in Microsoft software. Microsoft has\n   released updates to address the vulnerabilities. \n\n\nImpact\n\n   A remote, unauthenticated attacker could execute arbitrary code,\n   cause a denial of service, or gain unauthorized access to your\n   files or system. \n\n\nSolution\n\n   Apply Updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for November 2012, which\n   describes any known issues related to the updates. Administrators\n   are encouraged to note these issues and test for any potentially\n   adverse effects. In addition, administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). Home users are encouraged to enable\n   automatic updates. \n\n\nReferences\n\n * Microsoft Security Bulletin Summary for November 2012\n   \u003chttp://technet.microsoft.com/en-us/security/bulletin/ms12-nov\u003e\n\n * Microsoft Windows Server Update Services\n   \u003chttp://technet.microsoft.com/en-us/wsus/default.aspx\u003e\n\n * Microsoft Update\n   \u003chttp://www.update.microsoft.com/\u003e\n\n * Microsoft Update Overview\n   \u003chttp://www.microsoft.com/security/updates/mu.aspx\u003e\n\n * Turn Automatic Updating On or Off\n   \u003chttp://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off\u003e\n\n\nRevision History\n\n  November 13, 2012: Initial release\n\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA12-318A Feedback VU#970852\" in\n   the subject. \n ____________________________________________________________________\n\n   Produced by US-CERT, a government organization. \n ____________________________________________________________________\n\nThis product is provided subject to this Notification: \nhttp://www.us-cert.gov/privacy/notification.html\n\nPrivacy \u0026 Use policy: \nhttp://www.us-cert.gov/privacy/\n\nThis document can also be found at\nhttp://www.us-cert.gov/cas/techalerts/TA12-318A.html\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/cas/signup.html\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR\nDRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/\nGCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB\ntPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U\nlEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws\nsqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA==\n=/QVO\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "BID",
        "id": "56440"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-2532",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "56440",
        "trust": 1.9
      },
      {
        "db": "USCERT",
        "id": "TA12-318A",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "118116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "56440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "id": "VAR-201211-0024",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-11-23T21:45:53.616000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MS12-073",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-073"
      },
      {
        "title": "MS12-073",
        "trust": 0.8,
        "url": "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-073"
      },
      {
        "title": "TA12-318A",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-318a.html"
      },
      {
        "title": "Microsoft FTP Service Fixes for command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140796"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/56440"
      },
      {
        "trust": 1.6,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15786"
      },
      {
        "trust": 0.9,
        "url": "http://www.us-cert.gov/cas/techalerts/ta12-318a.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2532"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2012/at120035.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta12-318a"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2532"
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/#topics"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/privacy/notification.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/privacy/"
      },
      {
        "trust": 0.1,
        "url": "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.update.microsoft.com/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/security/updates/mu.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/wsus/default.aspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://technet.microsoft.com/en-us/security/bulletin/ms12-nov\u003e"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "56440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "56440"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-11-13T00:00:00",
        "db": "BID",
        "id": "56440"
      },
      {
        "date": "2012-11-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "date": "2012-11-15T02:44:59",
        "db": "PACKETSTORM",
        "id": "118116"
      },
      {
        "date": "2012-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "date": "2012-11-14T00:55:01.577000",
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-11-20T12:10:00",
        "db": "BID",
        "id": "56440"
      },
      {
        "date": "2012-11-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      },
      {
        "date": "2021-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      },
      {
        "date": "2024-11-21T01:39:12.037000",
        "db": "NVD",
        "id": "CVE-2012-2532"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft FTP Service for IIS Vulnerability in which important information is obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-005347"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201211-230"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2012-2532

Vulnerability from fkie_nvd

Published

2012-11-14 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/56440	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56440	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	ftp_service	7.0
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	ftp_service	7.5
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ftp_service:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8771A0C8-D025-4276-ABFE-D20142424B49",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
              "matchCriteriaId": "CB32349F-815C-4715-8BC7-DFAC8B13D738",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "F8216946-5F76-48B9-91CC-207F657D7D3C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "0161C884-70A5-4AD0-BD80-F0F7B3D8579E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ftp_service:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3C0BE9-A392-4655-8035-670DD9DAE6A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "FE52F111-C761-4011-9AC4-8B9C0E9357D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
              "matchCriteriaId": "CB32349F-815C-4715-8BC7-DFAC8B13D738",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "F8216946-5F76-48B9-91CC-207F657D7D3C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
              "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
              "matchCriteriaId": "FFD7C2AE-CC44-4679-8558-15362B8E3922",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
              "matchCriteriaId": "9AFAE529-A356-4526-8487-D6CA37696219",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
              "matchCriteriaId": "0161C884-70A5-4AD0-BD80-F0F7B3D8579E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E33796DB-4523-4F04-B564-ADF030553D51",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
              "matchCriteriaId": "FE52F111-C761-4011-9AC4-8B9C0E9357D9",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
              "matchCriteriaId": "B7674920-AE12-4A25-BE57-34AEDDA74D76",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
              "matchCriteriaId": "FFD7C2AE-CC44-4679-8558-15362B8E3922",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
              "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
              "matchCriteriaId": "9AFAE529-A356-4526-8487-D6CA37696219",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Microsoft FTP Service v7.0 y v7.5 para Internet Information Services (IIS) procesa comandos no especificados antes de que TLS est\u00e9 habilitado para una sesi\u00f3n, lo que permite a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de las respuestas a estos comandos. Se trata de un problema tambi\u00e9n conocido como \"Vulnerabilidad de inyecci\u00f3n de comandos FTP\".\r\n"
    }
  ],
  "id": "CVE-2012-2532",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-14T00:55:01.577",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56440"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/56440"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2012-AVI-647

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Microsoft Internet Information Services (IIS). Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données au moyen de commandes FTP spécialement conçues.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 32-bit Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista x64 Edition Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 Itanium-Based Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 x64 Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 Itanium-Based
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 32-bit
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista x64 Edition Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 x64 Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 x64 Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 x64
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 x64
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Server 2008 32-bit Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista x64 Edition Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2 x64 Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista x64 Edition Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista Service Pack 2
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 x64
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 x64
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Vista Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 32-bit Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows 7 32-bit
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 32-bit
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista Service Pack 1
Microsoft	Windows	Microsoft Internet Information Services 7.5 sur Windows Server 2008 R2
Microsoft	Windows	Microsoft Internet Information Services 7.0 sur Windows Vista Service Pack 2

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-2532 (GCVE-0-2012-2532)

Vulnerability from cvelistv5

gsd-2012-2532

Vulnerability from gsd

ghsa-28x5-qp9q-fqqf

Vulnerability from github

var-201211-0024

Vulnerability from variot

fkie_cve-2012-2532

Vulnerability from fkie_nvd

CERTA-2012-AVI-647

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature