// For flags

CVE-2017-7269

Microsoft Windows Server Buffer Overflow Vulnerability

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

23
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

Act
*SSVC
Descriptions

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Desbordamiento de búfer en la función ScStoragePathFromUrl en el servicio WebDAV en Internet Information Services (IIS) 6.0 en Microsoft Windows Server 2003 R2 permite a atacantes remotos ejecutar código arbitrario a través de una cabecera larga comenzando con "If:

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If:

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Act
Exploitation
Active
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2017-03-26 CVE Reserved
  • 2017-03-27 CVE Published
  • 2017-03-27 First Exploit
  • 2021-11-03 Exploited in Wild
  • 2022-05-03 KEV Due Date
  • 2025-02-04 CVE Updated
  • 2025-03-18 EPSS Updated
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
  • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (31)
URL Tag Source
http://www.securityfocus.com/bid/97127 Vdb Entry
http://www.securitytracker.com/id/1038168 Vdb Entry
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html X_refsource_misc
https://github.com/danigargu/explodingcan X_refsource_misc
https://github.com/edwardz246003/IIS_exploit Third Party Advisory
https://github.com/rapid7/metasploit-framework/pull/8162 X_refsource_misc
https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812 X_refsource_misc
https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server X_refsource_confirm
URL Date SRC
https://packetstorm.news/files/id/141997 2017-03-27
https://packetstorm.news/files/id/142471 2017-05-11
https://packetstorm.news/files/id/142060 2017-04-08
https://www.exploit-db.com/exploits/41992 2025-02-04
https://www.exploit-db.com/exploits/41738 2025-02-04
https://github.com/g0rx/iis6-exploit-2017-CVE-2017-7269 2017-04-05
https://github.com/lcatro/CVE-2017-7269-Echo-PoC 2018-10-27
https://github.com/Al1ex/CVE-2017-7269 2018-04-28
https://github.com/caicai1355/CVE-2017-7269-exploit 2017-03-29
https://github.com/N3rdyN3xus/CVE-2017-7269 2021-07-16
https://github.com/VanishedPeople/CVE-2017-7269 2024-08-08
https://github.com/denchief1/CVE-2017-7269 2022-08-29
https://github.com/Cappricio-Securities/CVE-2017-7269 2024-06-21
https://github.com/ThanHuuTuan/CVE-2017-7269 2017-04-04
https://github.com/eliuha/webdav_exploit 2024-09-24
https://github.com/whiteHat001/cve-2017-7269picture 2017-03-30
https://github.com/zcgonvh/cve-2017-7269 2024-11-13
https://github.com/slimpagey/IIS_6.0_WebDAV_Ruby 2024-08-12
https://github.com/homjxi0e/cve-2017-7269 2017-04-13
https://github.com/n3rdh4x0r/CVE-2017-7269 2024-01-13
https://github.com/geniuszlyy/CVE-2017-7269 2024-10-21
https://github.com/AxthonyV/CVE-2017-7269 2024-10-07
https://github.com/geniuszly/CVE-2017-7269 2024-10-21
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Internet Information Server
Search vendor "Microsoft" for product "Internet Information Server"
 6.0
Search vendor "Microsoft" for product "Internet Information Server" and version "6.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows Server 2003
Search vendor "Microsoft" for product "Windows Server 2003"
-r2
Safe