Zero-day vulnerability in Microsoft IIS
Buffer overflow
CVE-2017-7269
There are reports that this vulnerability is being actively exploited in the wild against legacy installations of Microsoft IIS 6.0 in July and August 2016. At the time of publication the product was no longer supported by the vendor. However Microsoft has decided to release a security patch to address this issue on June 13, 2017.
EXPLODINGCAN
Vulnerability details
Advisory: SB2017032801 - Remote code execution in Microsoft IIS 6.0
Vulnerable component: Microsoft IIS
CVE-ID: CVE-2017-7269
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in ScStoragePathFromUrl() function in the WebDAV service when processing overly long HTTP header beginning with "If: <http://" in a PROPFIND request. A remote unauthenticated attacker can trigger buffer overflow and execute arbitrary code on the target system with privileges of the IIS service.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note: this vulnerability is being actively exploited in the wild in July and August 2016.
Public Exploits:
- Microsoft IIS - WebDav 'ScStoragePathFromUrl' Overflow (Metasploit) [Exploit-DB]
- Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow [Exploit-DB]
External links: