Remote Code Execution Vulnerability in IIS 6.0 WebDAV Service

Remote Code Execution Vulnerability in IIS 6.0 WebDAV Service

CVE-2017-7269 · HIGH Severity

AV:N/AC:L/AU:N/C:C/I:C/A:C

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Learn more about our Cis Benchmark Audit For Microsoft Iis.