The 2010 Pwnie Nominee For Best Server-Side Bug

IIS FTP Server NLST buffer overflow (CVE-2009-3023)

Credit: Kingcope

Kingcope’s latest vulnerability was a stack overflow in the IIS FTP server. It was posted on the Full-Disclosure mailing list and was accompanied by working exploit code. The vulnerability was stopped by the stack cookie on IIS6, but it was easily exploitable on older versions.