← back
CVE-2017-7269

CVE-2017-7269

CVSS 9.8 CRITICALEPSS 99.8%● KEVCWE-120
In short

A buffer overflow vulnerability in IIS 6.0's WebDAV service allows attackers to crash the server or run malicious code by sending a specially crafted request with an extremely long header. This is a critical flaw because it can be exploited remotely without authentication.

Technical detail

The ScStoragePathFromUrl function in IIS 6.0 WebDAV fails to properly validate header length in PROPFIND requests starting with 'If: <http://', causing a stack-based buffer overflow. Remote attackers can achieve arbitrary code execution with SYSTEM privileges; exploitation requires network access but no authentication.

Summary generated and translated by AI from the official description.
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found27
githubgithub.com/zcgonvh/cve-2017-7269134githubgithub.com/g0rx/iis6-exploit-2017-CVE-2017-726992githubgithub.com/lcatro/CVE-2017-7269-Echo-PoC89githubgithub.com/zcgonvh/cve-2017-7269-tool88githubgithub.com/eliuha/webdav_exploit22githubgithub.com/Al1ex/CVE-2017-726911githubgithub.com/slimpagey/IIS_6.0_WebDAV_Ruby5githubgithub.com/h3x0v3rl0rd/CVE-2017-72695githubgithub.com/geniuszly/CVE-2017-72694githubgithub.com/Cappricio-Securities/CVE-2017-72691githubgithub.com/caicai1355/CVE-2017-7269-exploit1githubgithub.com/nika0x38/CVE-2017-72691githubgithub.com/xiaovpn/CVE-2017-72690githubgithub.com/Killian0713/Assignement_3-CVE-2017-72690githubgithub.com/M1a0rz/CVE-2017-72690githubgithub.com/whiteHat001/cve-2017-7269picture0githubgithub.com/homjxi0e/cve-2017-72690githubgithub.com/mirrorblack/CVE-2017-72690githubgithub.com/ThanHuuTuan/CVE-2017-72690githubgithub.com/denchief1/CVE-2017-7269_Python30githubgithub.com/denchief1/CVE-2017-72690githubgithub.com/VanishedPeople/CVE-2017-72690githubgithub.com/Admin2099/Penetration-Testing-Assessment-23-04-20260cve_referencewww.exploit-db.com/exploits/41738/unverifiedexploitdbwww.exploit-db.com/exploits/41738unverifiedcve_referencewww.exploit-db.com/exploits/41992/unverifiedexploitdbwww.exploit-db.com/exploits/41992unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.htmlhttps://github.com/danigargu/explodingcanhttps://github.com/edwardz246003/IIS_exploithttps://github.com/rapid7/metasploit-framework/pull/8162https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-serverhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-7269https://www.exploit-db.com/exploits/41738/https://www.exploit-db.com/exploits/41992/http://www.securityfocus.com/bid/97127http://www.securitytracker.com/id/1038168