Microsoft Internet Information Services vulnerabilities

CVE-2017-7269 [CRITICAL] CWE-120 CVE-2017-7269: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information S Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

CVE-2014-4078 [MEDIUM] CWE-264 CVE-2014-4078: The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not proper The IP Security feature in Microsoft Internet Information Services (IIS) 8.0 and 8.5 does not properly process wildcard allow and deny rules for domains within the "IP Address and Domain Restrictions" list, which makes it easier for remote attackers to bypass an intended rule set via an HTTP request, aka "IIS Security Feature Bypass Vulnerability."

CVE-2011-5279 [MEDIUM] CVE-2011-5279: CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (I CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVE-2010-3972 [CRITICAL] CWE-119 CVE-2010-3972: Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Micros Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vul

CVE-2010-2730 [CRITICAL] CWE-119 CVE-2010-2730: Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allow Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability."

CVE-2010-1899 [MEDIUM] CWE-119 CVE-2010-1899: Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."

CVE-2009-4444 [MEDIUM] CVE-2009-4444: Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon

CVE-2009-4445 [MEDIUM] CWE-20 CVE-2009-4445: Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party Microsoft Internet Information Services (IIS), when used in conjunction with unspecified third-party upload applications, allows remote attackers to create empty files with arbitrary extensions via a filename containing an initial extension followed by a : (colon) and a safe extension, as demonstrated by an upload of a .asp:.jpg file that results in cr

CVE-2009-2521 [MEDIUM] CWE-400 CVE-2009-2521: Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."

CVE-2009-1535 [HIGH] CVE-2009-1535: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote atta The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypa

CVE-2009-1122 [HIGH] CWE-287 CVE-2009-1122: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does n The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.

CVE-2003-1567 [MEDIUM] CWE-200 CVE-2003-1567: The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the conte The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that

CVE-2003-1566 [MEDIUM] CWE-16 CVE-2003-1566: Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, w Microsoft Internet Information Services (IIS) 5.0 does not log requests that use the TRACK method, which allows remote attackers to obtain sensitive information without detection.

CVE-2008-1446 [CRITICAL] CWE-190 CVE-2008-1446: Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Infor Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a we

CVE-2008-0074 [HIGH] CWE-264 CVE-2008-0074: Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows lo Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows local users to gain privileges via unknown vectors related to file change notifications in the TPRoot, NNTPFile\Root, or WWWRoot folders.

CVE-2007-2815 [CRITICAL] CWE-264 CVE-2007-2815: The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.

CVE-2006-6578 [HIGH] CVE-2006-6578: Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EX Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

CVE-2006-6579 [MEDIUM] CVE-2006-6579: Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WIN Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

CVE-2006-0026 [MEDIUM] CVE-2006-0026: Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP).

CVE-2005-4360 [HIGH] CWE-252 CVE-2005-4360: The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 a The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/