Vulnerability has been found in Microsoft Internet Information Services FTP server that can allow a remote attacker to potentially execute arbitrary code. IIS FTP servers that allow anonymous users write access can potentially be affected due to a boundary error when the server processes NLST commands. There is no solution to this problem at this time. Workarounds suggested are to not allow anonymous users write access.
For more information see the links below:
Posted by Brad Graves on September 01, 2009, in Handlers Log.