⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2017-7269

CWE-120Classic Buffer OverflowCWE-119Buffer Overflow21 documents12 sources
Severity
9.8CRITICAL
EPSS
94.4%
top 0.02%
CISA KEV
KEV
Added 2021-11-03
Due 2022-05-03
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedMar 27
KEV addedNov 3
KEV dueMay 3
Latest updateMay 14
CISA Required Action: Apply updates per vendor instructions.

Description

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

Patches

Patch: github.comPatch: support.microsoft.comPatch: github.com

🔴Vulnerability Details

3
GHSA
GHSA-fj79-76j8-9vjm: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 62022-05-14
CVEList
CVE-2017-7269: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 62017-03-27
VulnCheck
Microsoft Windows Server Buffer Overflow Vulnerability2017

💥Exploits & PoCs

3
Exploit-DB
Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)2017-05-11
Exploit-DB
Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow2017-03-27
Nuclei
Windows Server 2003 & IIS 6.0 - Remote Code Execution

🔍Detection Rules

2
Suricata
ET WEB_SERVER Microsoft IIS Remote Code Execution (CVE-2017-7269)2017-03-28
YARA
HKTL_NET_NAME_cve_2017_7269_tool

📋Vendor Advisories

1
CISA
Microsoft Windows Server Buffer Overflow Vulnerability2021-11-03

🕵️Threat Intelligence

11
Fortinet
Buffer Overflow Attack Targeting Microsoft IIS 6.0 Returns2018-05-23
Qualys
Microsoft IIS 6.0 Buffer Overflow Zero Day2017-04-01
Qualys
Microsoft IIS 6.0 Buffer Overflow Zero Day | Qualys2017-04-01
Qualys
Protect Against Critical IIS 6.0 Buffer Overflow vulnerability (CVE-2017-7269) with Qualys WAF2017-03-30
Qualys
Protect Against Critical IIS 6.0 Buffer Overflow vulnerability (CVE-2017-7269) with Qualys WAF | Qualys2017-03-30
CVE-2017-7269 (CRITICAL CVSS 9.8) | Buffer overflow in the ScStoragePat | cvebase.io