cvelistv5 - cve-2012-2532

cve-2012-2532

Vulnerability from cvelistv5

Published

2012-11-14 00:00

Modified

2024-08-06 19:34

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/56440	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56440	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786	Third Party Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T19:34:25.771Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "56440",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/56440",
               },
               {
                  name: "oval:org.mitre.oval:def:15786",
                  tags: [
                     "vdb-entry",
                     "signature",
                     "x_refsource_OVAL",
                     "x_transferred",
                  ],
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
               },
               {
                  name: "MS12-073",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MS",
                     "x_transferred",
                  ],
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2012-11-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-12T19:57:01",
            orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            shortName: "microsoft",
         },
         references: [
            {
               name: "56440",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/56440",
            },
            {
               name: "oval:org.mitre.oval:def:15786",
               tags: [
                  "vdb-entry",
                  "signature",
                  "x_refsource_OVAL",
               ],
               url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
            },
            {
               name: "MS12-073",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MS",
               ],
               url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2012-2532",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "56440",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/56440",
                  },
                  {
                     name: "oval:org.mitre.oval:def:15786",
                     refsource: "OVAL",
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
                  },
                  {
                     name: "MS12-073",
                     refsource: "MS",
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
      assignerShortName: "microsoft",
      cveId: "CVE-2012-2532",
      datePublished: "2012-11-14T00:00:00",
      dateReserved: "2012-05-09T00:00:00",
      dateUpdated: "2024-08-06T19:34:25.771Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2012-2532\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2012-11-14T00:55:01.577\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \\\"FTP Command Injection Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Microsoft FTP Service v7.0 y v7.5 para Internet Information Services (IIS) procesa comandos no especificados antes de que TLS esté habilitado para una sesión, lo que permite a atacantes remotos obtener información sensible mediante la lectura de las respuestas a estos comandos. Se trata de un problema también conocido como \\\"Vulnerabilidad de inyección de comandos FTP\\\".\\r\\n\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ftp_service:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8771A0C8-D025-4276-ABFE-D20142424B49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*\",\"matchCriteriaId\":\"CB32349F-815C-4715-8BC7-DFAC8B13D738\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"F8216946-5F76-48B9-91CC-207F657D7D3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"0161C884-70A5-4AD0-BD80-F0F7B3D8579E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:ftp_service:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC3C0BE9-A392-4655-8035-670DD9DAE6A0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"FE52F111-C761-4011-9AC4-8B9C0E9357D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"7FE8B00B-4F39-4755-A323-8AD71F5E3EBE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*\",\"matchCriteriaId\":\"CB32349F-815C-4715-8BC7-DFAC8B13D738\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"F8216946-5F76-48B9-91CC-207F657D7D3C\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"B7674920-AE12-4A25-BE57-34AEDDA74D76\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*\",\"matchCriteriaId\":\"FFD7C2AE-CC44-4679-8558-15362B8E3922\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*\",\"matchCriteriaId\":\"9AFAE529-A356-4526-8487-D6CA37696219\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*\",\"matchCriteriaId\":\"0161C884-70A5-4AD0-BD80-F0F7B3D8579E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF1AD1A1-EE20-4BCE-9EE6-84B27139811C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E33796DB-4523-4F04-B564-ADF030553D51\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"FE52F111-C761-4011-9AC4-8B9C0E9357D9\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2B1C231-DE19-4B8F-A4AA-5B3A65276E46\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"7FE8B00B-4F39-4755-A323-8AD71F5E3EBE\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"B7674920-AE12-4A25-BE57-34AEDDA74D76\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*\",\"matchCriteriaId\":\"FFD7C2AE-CC44-4679-8558-15362B8E3922\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*\",\"matchCriteriaId\":\"9AFAE529-A356-4526-8487-D6CA37696219\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/56440\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/56440\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
   },
}

ghsa-28x5-qp9q-fqqf

Vulnerability from github

Published

2022-05-13 01:11

Modified

2022-05-13 01:11

Details

Show details on source website

JSON

To clipboard

{
   affected: [],
   aliases: [
      "CVE-2012-2532",
   ],
   database_specific: {
      cwe_ids: [
         "CWE-200",
      ],
      github_reviewed: false,
      github_reviewed_at: null,
      nvd_published_at: "2012-11-14T00:55:00Z",
      severity: "MODERATE",
   },
   details: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
   id: "GHSA-28x5-qp9q-fqqf",
   modified: "2022-05-13T01:11:45Z",
   published: "2022-05-13T01:11:45Z",
   references: [
      {
         type: "ADVISORY",
         url: "https://nvd.nist.gov/vuln/detail/CVE-2012-2532",
      },
      {
         type: "WEB",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
      },
      {
         type: "WEB",
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
      },
      {
         type: "WEB",
         url: "http://www.securityfocus.com/bid/56440",
      },
   ],
   schema_version: "1.4.0",
   severity: [],
}

gsd-2012-2532

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-2532

Aliases

CVE-2012-2532

JSON

To clipboard

{
   GSD: {
      alias: "CVE-2012-2532",
      description: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
      id: "GSD-2012-2532",
   },
   gsd: {
      metadata: {
         exploitCode: "unknown",
         remediation: "unknown",
         reportConfidence: "confirmed",
         type: "vulnerability",
      },
      osvSchema: {
         aliases: [
            "CVE-2012-2532",
         ],
         details: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
         id: "GSD-2012-2532",
         modified: "2023-12-13T01:20:16.418498Z",
         schema_version: "1.4.0",
      },
   },
   namespaces: {
      "cve.org": {
         CVE_data_meta: {
            ASSIGNER: "secure@microsoft.com",
            ID: "CVE-2012-2532",
            STATE: "PUBLIC",
         },
         affects: {
            vendor: {
               vendor_data: [
                  {
                     product: {
                        product_data: [
                           {
                              product_name: "n/a",
                              version: {
                                 version_data: [
                                    {
                                       version_value: "n/a",
                                    },
                                 ],
                              },
                           },
                        ],
                     },
                     vendor_name: "n/a",
                  },
               ],
            },
         },
         data_format: "MITRE",
         data_type: "CVE",
         data_version: "4.0",
         description: {
            description_data: [
               {
                  lang: "eng",
                  value: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
               },
            ],
         },
         problemtype: {
            problemtype_data: [
               {
                  description: [
                     {
                        lang: "eng",
                        value: "n/a",
                     },
                  ],
               },
            ],
         },
         references: {
            reference_data: [
               {
                  name: "56440",
                  refsource: "BID",
                  url: "http://www.securityfocus.com/bid/56440",
               },
               {
                  name: "oval:org.mitre.oval:def:15786",
                  refsource: "OVAL",
                  url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
               },
               {
                  name: "MS12-073",
                  refsource: "MS",
                  url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
               },
            ],
         },
      },
      "nvd.nist.gov": {
         configurations: {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:microsoft:ftp_service:7.0:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:a:microsoft:ftp_service:7.5:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: true,
                           },
                        ],
                        operator: "OR",
                     },
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
               {
                  children: [
                     {
                        children: [],
                        cpe_match: [
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                           {
                              cpe23Uri: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
                              cpe_name: [],
                              vulnerable: false,
                           },
                        ],
                        operator: "OR",
                     },
                  ],
                  cpe_match: [],
                  operator: "AND",
               },
            ],
         },
         cve: {
            CVE_data_meta: {
               ASSIGNER: "secure@microsoft.com",
               ID: "CVE-2012-2532",
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "en",
                     value: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "en",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "56440",
                     refsource: "BID",
                     tags: [
                        "Third Party Advisory",
                        "VDB Entry",
                     ],
                     url: "http://www.securityfocus.com/bid/56440",
                  },
                  {
                     name: "oval:org.mitre.oval:def:15786",
                     refsource: "OVAL",
                     tags: [
                        "Third Party Advisory",
                     ],
                     url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
                  },
                  {
                     name: "MS12-073",
                     refsource: "MS",
                     tags: [],
                     url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
                  },
               ],
            },
         },
         impact: {
            baseMetricV2: {
               cvssV2: {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  integrityImpact: "NONE",
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               exploitabilityScore: 10,
               impactScore: 2.9,
               obtainAllPrivilege: false,
               obtainOtherPrivilege: false,
               obtainUserPrivilege: false,
               severity: "MEDIUM",
               userInteractionRequired: false,
            },
         },
         lastModifiedDate: "2021-02-05T15:37Z",
         publishedDate: "2012-11-14T00:55Z",
      },
   },
}

Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability.". Microsoft IIS is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. Remote attackers can exploit this issue to execute arbitrary commands with the privileges of the application; this may disclose sensitive information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

National Cyber Awareness System

US-CERT Alert TA12-318A Microsoft Updates for Multiple Vulnerabilities

Original release date: November 13, 2012 Last revised: --

Systems Affected

 * Microsoft Windows
 * Microsoft Office
 * Microsoft .NET Framework
 * Internet Explorer

Overview

Select Microsoft software products contain multiple vulnerabilities. Microsoft has released updates to address these vulnerabilities.

Description

The Microsoft Security Bulletin Summary for November 2012 describes multiple vulnerabilities in Microsoft software. Microsoft has released updates to address the vulnerabilities.

Impact

A remote, unauthenticated attacker could execute arbitrary code, cause a denial of service, or gain unauthorized access to your files or system.

Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for November 2012, which describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. In addition, administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). Home users are encouraged to enable automatic updates.

References

Microsoft Security Bulletin Summary for November 2012 http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
Microsoft Windows Server Update Services http://technet.microsoft.com/en-us/wsus/default.aspx
Microsoft Update http://www.update.microsoft.com/
Microsoft Update Overview http://www.microsoft.com/security/updates/mu.aspx
Turn Automatic Updating On or Off http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off

Revision History

November 13, 2012: Initial release

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA12-318A Feedback VU#970852" in the subject.

Produced by US-CERT, a government organization.

This product is provided subject to this Notification: http://www.us-cert.gov/privacy/notification.html

Privacy & Use policy: http://www.us-cert.gov/privacy/

This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-318A.html

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR DRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/ GCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB tPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U lEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws sqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA== =/QVO -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-201211-0024",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "ftp service",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "7.5",
         },
         {
            model: "ftp service",
            scope: "eq",
            trust: 1.6,
            vendor: "microsoft",
            version: "7.0",
         },
         {
            model: "ftp service",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "7.0 for iis 7.0",
         },
         {
            model: "ftp service",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "7.5 for iis 7.0",
         },
         {
            model: "ftp service",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "7.5 for iis 7.5",
         },
         {
            model: "windows 7",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "(x32) sp1 before",
         },
         {
            model: "windows 7",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "(x64) sp1 before",
         },
         {
            model: "windows server 2008",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "(x64) sp2",
         },
         {
            model: "windows server 2008",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "(x86) sp2",
         },
         {
            model: "windows server 2008",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "r2(itanium) sp2",
         },
         {
            model: "windows server 2008",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "r2(x64) sp2",
         },
         {
            model: "windows vista",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "(x64) sp2",
         },
         {
            model: "windows vista",
            scope: "eq",
            trust: 0.8,
            vendor: "microsoft",
            version: "sp2",
         },
         {
            model: "internet information server",
            scope: "eq",
            trust: 0.6,
            vendor: "microsoft",
            version: "7.5",
         },
         {
            model: "windows vista service pack",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "20",
         },
         {
            model: "windows server r2 itanium sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "2008",
         },
         {
            model: "windows server r2 itanium",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "20080",
         },
         {
            model: "windows server r2 for x64-based systems sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "2008",
         },
         {
            model: "windows server r2 for x64-based systems",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "20080",
         },
         {
            model: "windows server for x64-based systems sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "2008",
         },
         {
            model: "windows server for 32-bit systems sp2",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "2008",
         },
         {
            model: "windows for x64-based systems sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "7",
         },
         {
            model: "windows for x64-based systems",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "70",
         },
         {
            model: "windows for 32-bit systems sp1",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "7",
         },
         {
            model: "windows for 32-bit systems",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "70",
         },
         {
            model: "iis",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "7.5",
         },
         {
            model: "iis",
            scope: "eq",
            trust: 0.3,
            vendor: "microsoft",
            version: "7.0",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "56440",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  cpe_match: [
                     {
                        cpe22Uri: "cpe:/a:microsoft:ftp_service",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:microsoft:windows_7",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:microsoft:windows_server_2008",
                        vulnerable: true,
                     },
                     {
                        cpe22Uri: "cpe:/o:microsoft:windows_vista",
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft",
      sources: [
         {
            db: "BID",
            id: "56440",
         },
      ],
      trust: 0.3,
   },
   cve: "CVE-2012-2532",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "nvd@nist.gov",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "CVE-2012-2532",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 1.8,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "nvd@nist.gov",
                  id: "CVE-2012-2532",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "NVD",
                  id: "CVE-2012-2532",
                  trust: 0.8,
                  value: "Medium",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-201211-230",
                  trust: 0.6,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\". Microsoft IIS is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input data. \nRemote attackers can exploit this issue to execute arbitrary commands with the privileges of the application; this may disclose sensitive information. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nNational Cyber Awareness System\n\nUS-CERT Alert TA12-318A\nMicrosoft Updates for Multiple Vulnerabilities\n\nOriginal release date: November 13, 2012\nLast revised: --\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Office\n     * Microsoft .NET Framework\n     * Internet Explorer\n\n\nOverview\n\n   Select Microsoft software products contain multiple\n   vulnerabilities. Microsoft has released updates to address these\n   vulnerabilities. \n\n\nDescription\n\n   The Microsoft Security Bulletin Summary for November 2012 describes\n   multiple vulnerabilities in Microsoft software. Microsoft has\n   released updates to address the vulnerabilities. \n\n\nImpact\n\n   A remote, unauthenticated attacker could execute arbitrary code,\n   cause a denial of service, or gain unauthorized access to your\n   files or system. \n\n\nSolution\n\n   Apply Updates\n\n   Microsoft has provided updates for these vulnerabilities in the\n   Microsoft Security Bulletin Summary for November 2012, which\n   describes any known issues related to the updates. Administrators\n   are encouraged to note these issues and test for any potentially\n   adverse effects. In addition, administrators should consider using\n   an automated update distribution system such as Windows Server\n   Update Services (WSUS). Home users are encouraged to enable\n   automatic updates. \n\n\nReferences\n\n * Microsoft Security Bulletin Summary for November 2012\n   <http://technet.microsoft.com/en-us/security/bulletin/ms12-nov>\n\n * Microsoft Windows Server Update Services\n   <http://technet.microsoft.com/en-us/wsus/default.aspx>\n\n * Microsoft Update\n   <http://www.update.microsoft.com/>\n\n * Microsoft Update Overview\n   <http://www.microsoft.com/security/updates/mu.aspx>\n\n * Turn Automatic Updating On or Off\n   <http://windows.microsoft.com/en-us/windows-vista/Turn-automatic-updating-on-or-off>\n\n\nRevision History\n\n  November 13, 2012: Initial release\n\n ____________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to <cert@cert.org> with \"TA12-318A Feedback VU#970852\" in\n   the subject. \n ____________________________________________________________________\n\n   Produced by US-CERT, a government organization. \n ____________________________________________________________________\n\nThis product is provided subject to this Notification: \nhttp://www.us-cert.gov/privacy/notification.html\n\nPrivacy & Use policy: \nhttp://www.us-cert.gov/privacy/\n\nThis document can also be found at\nhttp://www.us-cert.gov/cas/techalerts/TA12-318A.html\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/cas/signup.html\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBUKKbnXdnhE8Qi3ZhAQLN4gf+KyOiTaktnc1wbWdbBogH12NJbOR5Y7PR\nDRpdn+3Iqyua02oxy2bXy3C/uV1xz2FlRylXS7PRNdka8RboUUOP3jY4DADR2UW/\nGCtxskzWydk+w8OT8OvGiwD5TPaUXb/OawDEN5HW2R/Q+vZAcnGvOeuWbvCjM1hB\ntPUsQLM8QEXQ0oIPelTVBGlBKAXaYdkekTJcpx5sJC1qUn+976hFsajHugBOk06U\nlEhvTK7eiMpQOeQ0RYeMd8V4cP6h+WYTjxzruckfP4HwMeJARuq6UnTDzZ8mKYws\nsqs4xqaTr+8eOnoM7G1/7MMDhS2epvbbt7J/MXFp6tc0nVaLnskIQA==\n=/QVO\n-----END PGP SIGNATURE-----\n",
      sources: [
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "BID",
            id: "56440",
         },
         {
            db: "PACKETSTORM",
            id: "118116",
         },
      ],
      trust: 1.98,
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "NVD",
            id: "CVE-2012-2532",
            trust: 2.7,
         },
         {
            db: "BID",
            id: "56440",
            trust: 1.9,
         },
         {
            db: "USCERT",
            id: "TA12-318A",
            trust: 0.9,
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
            trust: 0.8,
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
            trust: 0.6,
         },
         {
            db: "PACKETSTORM",
            id: "118116",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "BID",
            id: "56440",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "PACKETSTORM",
            id: "118116",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   id: "VAR-201211-0024",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VARIoT devices database",
            id: null,
         },
      ],
      trust: 1,
   },
   last_update_date: "2024-11-23T21:45:53.616000Z",
   patch: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/patch#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            title: "MS12-073",
            trust: 0.8,
            url: "http://technet.microsoft.com/en-us/security/bulletin/ms12-073",
         },
         {
            title: "MS12-073",
            trust: 0.8,
            url: "http://technet.microsoft.com/ja-jp/security/bulletin/ms12-073",
         },
         {
            title: "TA12-318A",
            trust: 0.8,
            url: "http://software.fujitsu.com/jp/security/vulnerabilities/ta12-318a.html",
         },
         {
            title: "Microsoft FTP Service Fixes for command injection vulnerabilities",
            trust: 0.6,
            url: "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140796",
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
      ],
   },
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "CWE-200",
            trust: 1.8,
         },
      ],
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.6,
            url: "http://www.securityfocus.com/bid/56440",
         },
         {
            trust: 1.6,
            url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
         },
         {
            trust: 1.6,
            url: "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15786",
         },
         {
            trust: 0.9,
            url: "http://www.us-cert.gov/cas/techalerts/ta12-318a.html",
         },
         {
            trust: 0.8,
            url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2532",
         },
         {
            trust: 0.8,
            url: "http://www.jpcert.or.jp/at/2012/at120035.txt",
         },
         {
            trust: 0.8,
            url: "http://jvn.jp/cert/jvnta12-318a",
         },
         {
            trust: 0.8,
            url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2532",
         },
         {
            trust: 0.8,
            url: "http://www.npa.go.jp/cyberpolice/#topics",
         },
         {
            trust: 0.3,
            url: "http://www.microsoft.com/windowsserver2003/iis/default.mspx",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/privacy/notification.html",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/privacy/",
         },
         {
            trust: 0.1,
            url: "http://windows.microsoft.com/en-us/windows-vista/turn-automatic-updating-on-or-off>",
         },
         {
            trust: 0.1,
            url: "http://www.update.microsoft.com/>",
         },
         {
            trust: 0.1,
            url: "http://www.microsoft.com/security/updates/mu.aspx>",
         },
         {
            trust: 0.1,
            url: "http://www.us-cert.gov/cas/signup.html",
         },
         {
            trust: 0.1,
            url: "http://technet.microsoft.com/en-us/wsus/default.aspx>",
         },
         {
            trust: 0.1,
            url: "http://technet.microsoft.com/en-us/security/bulletin/ms12-nov>",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "56440",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "PACKETSTORM",
            id: "118116",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "BID",
            id: "56440",
         },
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            db: "PACKETSTORM",
            id: "118116",
         },
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-11-13T00:00:00",
            db: "BID",
            id: "56440",
         },
         {
            date: "2012-11-15T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            date: "2012-11-15T02:44:59",
            db: "PACKETSTORM",
            id: "118116",
         },
         {
            date: "2012-11-14T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            date: "2012-11-14T00:55:01.577000",
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2012-11-20T12:10:00",
            db: "BID",
            id: "56440",
         },
         {
            date: "2012-11-16T00:00:00",
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
         {
            date: "2021-02-07T00:00:00",
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
         {
            date: "2024-11-21T01:39:12.037000",
            db: "NVD",
            id: "CVE-2012-2532",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Microsoft FTP Service for IIS Vulnerability in which important information is obtained",
      sources: [
         {
            db: "JVNDB",
            id: "JVNDB-2012-005347",
         },
      ],
      trust: 0.8,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "information disclosure",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-201211-230",
         },
      ],
      trust: 0.6,
   },
}

fkie_cve-2012-2532

Vulnerability from fkie_nvd

Published

2012-11-14 00:55

Modified

2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/56440	Third Party Advisory, VDB Entry
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/56440	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	ftp_service	7.0
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	ftp_service	7.5
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2008	*
microsoft	windows_server_2008	*
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_vista	*
microsoft	windows_vista	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_7	-
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2
microsoft	windows_server_2008	r2

JSON

To clipboard

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:ftp_service:7.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "8771A0C8-D025-4276-ABFE-D20142424B49",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
                     matchCriteriaId: "CB32349F-815C-4715-8BC7-DFAC8B13D738",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
                     matchCriteriaId: "F8216946-5F76-48B9-91CC-207F657D7D3C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
                     matchCriteriaId: "0161C884-70A5-4AD0-BD80-F0F7B3D8579E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:microsoft:ftp_service:7.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "DC3C0BE9-A392-4655-8035-670DD9DAE6A0",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E33796DB-4523-4F04-B564-ADF030553D51",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
                     matchCriteriaId: "FE52F111-C761-4011-9AC4-8B9C0E9357D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
                     matchCriteriaId: "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:*",
                     matchCriteriaId: "CB32349F-815C-4715-8BC7-DFAC8B13D738",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:*",
                     matchCriteriaId: "F8216946-5F76-48B9-91CC-207F657D7D3C",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                     matchCriteriaId: "B7674920-AE12-4A25-BE57-34AEDDA74D76",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
                     matchCriteriaId: "FFD7C2AE-CC44-4679-8558-15362B8E3922",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                     matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
                     matchCriteriaId: "9AFAE529-A356-4526-8487-D6CA37696219",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:*:sp2:*:*:*:*:x64:*",
                     matchCriteriaId: "0161C884-70A5-4AD0-BD80-F0F7B3D8579E",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_vista:-:sp2:*:*:*:*:*:*",
                     matchCriteriaId: "BF1AD1A1-EE20-4BCE-9EE6-84B27139811C",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*",
                     matchCriteriaId: "E33796DB-4523-4F04-B564-ADF030553D51",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:x64:*",
                     matchCriteriaId: "FE52F111-C761-4011-9AC4-8B9C0E9357D9",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*",
                     matchCriteriaId: "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:x64:*",
                     matchCriteriaId: "7FE8B00B-4F39-4755-A323-8AD71F5E3EBE",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:x64:*",
                     matchCriteriaId: "B7674920-AE12-4A25-BE57-34AEDDA74D76",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:itanium:*:*:*",
                     matchCriteriaId: "FFD7C2AE-CC44-4679-8558-15362B8E3922",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
                     matchCriteriaId: "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
                     vulnerable: false,
                  },
                  {
                     criteria: "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:itanium:*:*:*",
                     matchCriteriaId: "9AFAE529-A356-4526-8487-D6CA37696219",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka \"FTP Command Injection Vulnerability.\"",
      },
      {
         lang: "es",
         value: "Microsoft FTP Service v7.0 y v7.5 para Internet Information Services (IIS) procesa comandos no especificados antes de que TLS esté habilitado para una sesión, lo que permite a atacantes remotos obtener información sensible mediante la lectura de las respuestas a estos comandos. Se trata de un problema también conocido como \"Vulnerabilidad de inyección de comandos FTP\".\r\n",
      },
   ],
   id: "CVE-2012-2532",
   lastModified: "2025-04-11T00:51:21.963",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2012-11-14T00:55:01.577",
   references: [
      {
         source: "secure@microsoft.com",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/56440",
      },
      {
         source: "secure@microsoft.com",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
      },
      {
         source: "secure@microsoft.com",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
            "VDB Entry",
         ],
         url: "http://www.securityfocus.com/bid/56440",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-073",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Third Party Advisory",
         ],
         url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15786",
      },
   ],
   sourceIdentifier: "secure@microsoft.com",
   vulnStatus: "Deferred",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2012-2532

Vulnerability from cvelistv5

ghsa-28x5-qp9q-fqqf

Vulnerability from github

gsd-2012-2532

Vulnerability from gsd

var-201211-0024

Vulnerability from variot

fkie_cve-2012-2532

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature