Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 14 Mar 2025 21:00:00 +0000

Type Values Removed Values Added
First Time appeared Microsoft internet Information Services
CPEs cpe:2.3:a:microsoft:internet_information_server:6.0:*:*:*:*:*:*:* cpe:2.3:a:microsoft:internet_information_services:6.0:*:*:*:*:*:*:*
Vendors & Products Microsoft internet Information Server
Microsoft internet Information Services

Tue, 04 Feb 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2025-07-30T01:46:30.135Z

Reserved: 2017-03-26T00:00:00.000Z

Link: CVE-2017-7269

cve-icon Vulnrichment

Updated: 2024-08-05T15:56:36.424Z

cve-icon NVD

Status : Deferred

Published: 2017-03-27T02:59:00.453

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-7269

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.