返回 CVE 瀏覽器

CVE-2017-7269

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score91.3940%

EPSS Percentile89.44th

Published2017年3月27日

Last Modified2026年4月21日

Vulnerability Description

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.

Affected Platforms (CPE)

📦

Microsoft

Internet Information Services

= 6.0

References & Advisories

🔗 http://www.securityfocus.com/bid/97127

🔗 http://www.securitytracker.com/id/1038168

🔗 https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html

🔗 https://github.com/danigargu/explodingcan

🔗 https://github.com/edwardz246003/IIS_exploit

🔗 https://github.com/rapid7/metasploit-framework/pull/8162

🔗 https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812

🔗 https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server

相關漏洞威脅

CVE-2006-634610.0

Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier...

CVE-2007-249410.0

Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers ...

CVE-2003-022410.0

Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code vi...

CVE-2007-281510.0

The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Wind...