Vulnerability Details : CVE-2017-7269
Public exploit exists!
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2017-7269
- cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:*
CVE-2017-7269 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Windows Server Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2017-7269
Added on: 2021-11-03
Action due date: 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2017-7269
- 97.18%: Probability of exploitation activity in the next 30 days
- ~ 100 %: Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-7269
- Microsoft IIS WebDav ScStoragePathFromUrl Overflow
  Disclosure Date: 2017-03-26
  First seen: 2020-04-26
  exploit/windows/iis/iis_webdav_scstoragepathfromurl
  Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http:/
CVSS scores for CVE-2017-7269
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-25 |
CWE ids for CVE-2017-7269
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
  Assigned by: nvd@nist.gov (Primary)
- The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2017-7269
- https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812
  Number of internet facing vulnerable IIS 6.0 to CVE-2017–7269
- https://www.exploit-db.com/exploits/41992/
  Microsoft IIS - WebDav 'ScStoragePathFromUrl' Remote Overflow (Metasploit)
  Exploit; Third Party Advisory; VDB Entry
- https://www.exploit-db.com/exploits/41738/
  Microsoft IIS 6.0 - WebDAV 'ScStoragePathFromUrl' Remote Buffer Overflow
  Exploit; Third Party Advisory; VDB Entry
- https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
  0patch Blog: 0patching the "Immortal" CVE-2017-7269
  Exploit; Third Party Advisory
- https://github.com/edwardz246003/IIS_exploit
  GitHub - edwardz246003/IIS_exploit: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows rem
  Broken Link; Third Party Advisory
- https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server
  Description of the security update for Windows XP and Windows Server 2003: June 13, 2017
  Broken Link; Patch; Vendor Advisory
- https://github.com/danigargu/explodingcan
  GitHub - danigargu/explodingcan: An implementation of NSA's ExplodingCan exploit in Python
  Exploit
- http://www.securityfocus.com/bid/97127
  Microsoft Internet Information Services CVE-2017-7269 Buffer Overflow Vulnerability
  Broken Link; Third Party Advisory; VDB Entry
- http://www.securitytracker.com/id/1038168
  Microsoft Internet Information Server (IIS) Web Server Buffer Overflow in WebDAV ScStoragePathFromUrl() Lets Remote Users Execute Arbitrary Code - SecurityTracker
  Broken Link; Third Party Advisory; VDB Entry
- https://github.com/rapid7/metasploit-framework/pull/8162
  Add IIS 6.0 ScStoragePathFromUrl exploit (CVE-2017-7269) by dmchell · Pull Request #8162 · rapid7/metasploit-framework · GitHub
  Issue Tracking; Patch
- https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812
  Number of internet facing vulnerable IIS 6.0 to CVE-2017–7269 | by Iraklis Mathiopoulos | Medium
  Exploit