Microsoft IIS 6.0 WebDAV Buffer Overflow

Description
  • IIS 6.0 with the Web Service Extension "WebDAV" is prone to a buffer overflow vulnerability, allowing an unauthenticated attacker to obtain arbitrary remote code execution.
Remediation
  • Prohibit the Web Service Extension "WebDAV". To do so, open the IIS Manager snap-in, navigate to the "Web Service Extensions" folder, select the "WebDAV" entry and press the "Prohibit" button. Alternatively, upgrade to a more recent IIS version.
References