1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: IIS Server CVE-2017-7269

Web Attack: IIS Server CVE-2017-7269

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Additional Information

Microsoft Internet Information Service (IIS) is a web server available for Microsoft Windows.

Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Specifically, this issue affects the 'ScStoragePathFromUrl' function in the 'WebDAV' service. An attacker can exploit this issue through a specially crafted request containing a long header.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Affected

  • Microsoft Internet Information Services 6.0 running on Microsoft Windows Server 2003 R2 is vulnerable; other versions may also be affected.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube