Description
IIS 6.0 with the Web Service Extension "WebDAV" is prone to a buffer overflow vulnerability, allowing an unauthenticated attacker to obtain arbitrary remote code execution.
Remediation
Prohibit the Web Service Extension "WebDAV". To do so, open the IIS Manager snap-in, navigate to the "Web Service Extensions" folder, select the "WebDAV" entry and press the "Prohibit" button. Alternatively, upgrade to a more recent IIS version.
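To confirm the remediation took effect, the server's reply to an HTTP `OPTIONS` request can be checked for WebDAV indicators. The following is an added example, not part of the original advisory: the function names and both sample responses are constructed for illustration, and it assumes a WebDAV-enabled server advertises a `DAV` header or WebDAV methods in `Allow`/`Public`.

```python
import http.client

DAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK", "UNLOCK"}

# Constructed sample OPTIONS responses (illustrative, not captured from a real server).
SAMPLE_WEBDAV_ALLOWED = """\
HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
MS-Author-Via: DAV
DAV: 1, 2
Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK
Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, LOCK, UNLOCK

"""
SAMPLE_WEBDAV_PROHIBITED = """\
HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Allow: OPTIONS, TRACE, GET, HEAD, POST

"""

def parse_headers(raw):
    """Parse the header block of a raw HTTP response into a lowercase-keyed dict."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            key = name.strip().lower()
            # Repeated headers are joined with a comma, as HTTP allows.
            headers[key] = ", ".join(filter(None, [headers.get(key), value.strip()]))
    return headers

def assess(headers):
    """Report whether the response looks like IIS 6.0 with WebDAV still allowed."""
    listed = ",".join(headers.get(h, "") for h in ("allow", "public"))
    dav = sorted({m.strip().upper() for m in listed.split(",")} & DAV_METHODS)
    iis6 = "microsoft-iis/6.0" in headers.get("server", "").lower()
    webdav = "dav" in headers or bool(dav)
    # A stripped or altered Server banner hides the version, so treat
    # webdav=True as worth reviewing even when iis6 is False.
    return {"iis6": iis6, "webdav": webdav, "dav_methods": dav,
            "needs_remediation": iis6 and webdav}

def check_host(host, port=80, timeout=5):
    """Send OPTIONS / to a server you administer and assess the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("OPTIONS", "/")
        resp = conn.getresponse()
        return assess(parse_headers("\n" + "".join(f"{k}: {v}\n" for k, v in resp.getheaders())))
    finally:
        conn.close()
```

Run `check_host` before and after prohibiting the extension; `needs_remediation` should change from `True` to `False`.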
Related Vulnerabilities
Telerik Web UI RadAsyncUpload Deserialization
MovableType remote code execution
PHP HTML entity encoder heap overflow vulnerability
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)