CVE-2017-7269
KEV
🔴 Łataj teraz
Przepełnienie bufora w funkcji ScStoragePathFromUrl w IIS 6.0 umożliwia zdalne wykonanie kodu.
CVSS
9.8
EPSS
94.4%
Exploit
weaponized
Vendor
microsoft
Opis źródłowy (NVD)
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
buffer-overflow exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.8 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 94.4% |
| Opublikowano (NVD) | 2017-03-27 02:59:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-21 18:02:39 UTC |
Referencje
- http://www.securityfocus.com/bid/97127 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1038168 (cve@mitre.org) [Broken Link, Third Party Advisory, VDB Entry]
- https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html (cve@mitre.org) [Exploit, Third Party Advisory]
- https://github.com/danigargu/explodingcan (cve@mitre.org) [Exploit]
- https://github.com/edwardz246003/IIS_exploit (cve@mitre.org) [Broken Link, Third Party Advisory]
- https://github.com/rapid7/metasploit-framework/pull/8162 (cve@mitre.org) [Issue Tracking, Patch]
- https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812 (cve@mitre.org) [Exploit]
- https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server (cve@mitre.org) [Broken Link, Patch, Vendor Advisory]
- https://www.exploit-db.com/exploits/41738/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.exploit-db.com/exploits/41992/ (cve@mitre.org) [Exploit, Third Party Advisory, VDB Entry]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7269 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]