CVE-2017-7269 IIS 6.0 Buffer Overflow Vulnerability

February 26, 2019

eSentire has detected active exploit attempts for CVE-2017-7269 (IIS 6.0 Buffer Overflow Vulnerability). Successful exploitation allows remote code execution on affected devices. A proof-of-concept exploit that takes advantage of a buffer overflow in the WebDAV component of IIS is publicly available to attackers. Because exploit code for this vulnerability has been published, eSentire expects that the frequency of exploit attempts may intensify in the coming days.

The WebDAV extension is disabled in a default install of IIS 6.0 and must be explicitly enabled for the server to be vulnerable. Exploitation attempts can be identified by looking for HTTP requests that use the PROPFIND method and contain an IF header with shellcode in it. The vulnerability has not been detected in other versions of Internet Information Services. It was reportedly being exploited as far back as summer 2016 but was only disclosed to the public on March 27, 2017.
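
The check described above can be sketched as a triage function over raw HTTP request heads. This is an added example, not eSentire's detection logic. The length and non-printable-byte thresholds, the `intranet.example` host and the sample requests are assumptions constructed for illustration.

```python
# Added example: heuristic triage of raw HTTP requests for CVE-2017-7269 probes.
# Thresholds and sample requests are assumptions constructed for illustration.

MAX_IF_LEN = 256          # assumed ceiling for a legitimate WebDAV If header
MAX_NONPRINTABLE = 0.05   # assumed tolerated share of non-printable-ASCII bytes


def parse_request(raw: bytes):
    """Return (method, headers) from a raw HTTP/1.x request head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    method = lines[0].split(b" ", 1)[0].upper()
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return method, headers


def suspicious_propfind(raw: bytes):
    """Return a list of reasons the request looks like an exploit attempt."""
    method, headers = parse_request(raw)
    if method != b"PROPFIND" or b"if" not in headers:
        return []
    value = headers[b"if"]
    reasons = []
    if len(value) > MAX_IF_LEN:
        reasons.append(f"If header is {len(value)} bytes")
    odd = sum(1 for b in value if b < 0x20 or b > 0x7E)
    if value and odd / len(value) > MAX_NONPRINTABLE:
        reasons.append(f"{odd} non-printable bytes in If header")
    return reasons


# Constructed samples: a normal lock-token PROPFIND, a GET, and an oversized
# If header padded with filler bytes (not real shellcode).
BENIGN = (b"PROPFIND /docs/ HTTP/1.1\r\nHost: intranet.example\r\n"
          b"If: (<opaquelocktoken:constructed-token-0001>)\r\n"
          b"Content-Length: 0\r\n\r\n")
PLAIN_GET = b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n"
SUSPECT = (b"PROPFIND / HTTP/1.1\r\nHost: intranet.example\r\n"
           b"If: <http://intranet.example/" + b"\xaa" * 400 + b">\r\n"
           b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("get", PLAIN_GET), ("suspect", SUSPECT)):
        print(name, suspicious_propfind(req) or "ok")
```

The function needs full request headers, for example from a proxy or packet capture. The method alone does not separate exploit attempts from ordinary WebDAV traffic.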

Recommended Actions:

References:

https://nvd.nist.gov/vuln/detail/CVE-2017-7269

http://blog.trendmicro.com/trendlabs-security-intelligence/iis-6-0-vulnerability-leads-code-execution/
