Bird_banner_small4
Microsoft IIS WebDAV ScStoragePathFromUrl Buffer Overflow
TSL ID TSL20170327-01
CVE ID(s) CVE-2017-7269
Severity Critical
Description

A buffer overflow exists in Microsoft Internet Information Services 6.0. The vulnerability is due to improper validation of a long "If: " header in an HTTP request.

A remote attacker could exploit this vulnerability by sending a crafted request over a network to the vulnerable application. Successful exploitation could result in denial of service conditions or, in the worst case, arbitrary code execution in the context of NETWORK SERVICE.

The vendor, Microsoft, has not addressed the vulnerability.

Affected Products
  • Microsoft Windows Server 2003 R2
CVSS Score Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 6.1 (E:POC/RL:U/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is UNAVAILABLE
  • The report confidence level of this vulnerability is CONFIRMED
References https://cve.circl.lu/cve/CVE-2017-7269
https://github.com/edwardz246003/IIS_exploit
Related Threats