Description

IIS 6.0 with the Web Service Extension "WebDAV" is prone to a buffer overflow vulnerability, allowing an unauthenticated attacker to obtain arbitrary remote code execution.

Remediation

Prohibit the Web Service Extension "WebDAV". To do so, open the IIS Manager snap-in, navigate to the "Web Service Extensions" folder, select the "WebDAV" entry and press the "Prohibit" button. Alternatively, upgrade to a more recent IIS version.

References

CVE-2017-7269 at cve.mitre.org

0patching the 'Immortal' CVE-2017-7269

Related Vulnerabilities

WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5)

WordPress Plugin wSecure Lite Remote Code Execution (2.3)

OpenX arbitrary file upload

Python Debugger Unauthorized Access Vulnerability

WordPress Plugin Include Me Remote Code Execution (1.2.1)

Severity

High

Classification

CVE-2017-7269 CWE-287 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Buffer Overflow Code Execution