Monday, November 25, 2024
HomeCVE/vulnerabilityAround 8 million websites affected by a critical Buffer Overflow Vulnerability resides...

Around 8 million websites affected by a critical Buffer Overflow Vulnerability resides in IIS 6.0

Published on

Internet Information Services is an extensible web server made by Microsoft for use with the Windows NT family.IIS can help you achieve better performance, reliability, scalability, and security for your websites.

The IIS6.0 zero-day flaw was found by two scientists with the Information Security Lab and School of Computer Science and Engineering, South China University of Technology Guangzhou, China who distributed a POC code misuse on GitHub.

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If:

- Advertisement - SIEM as a Service

CVE-2017-7269 Buffer Overflow Vulnerability

A remote attacker could misuse this exploit in the IIS WebDAV Component with a crafted request utilizing PROPFIND technique. Successful exploitation could result in denial of service attack or arbitrary code execution with regards to the client running the application.

Successful exploitation could result in denial of service attack or arbitrary code execution with regards to the client running the application.As per analysis from Trend Micro.

According to researchers, the vulnerability was exploited in wild of June or July and it was disclosed publically by March 27.

Web Distributed Authoring and Versioning (WebDAV) is an extension of the HTTP protocol that permits customers to perform remote Web content authoring operations.

This vulnerability is exploited using the PROPFIND method and IF header. The PROPFIND method retrieves properties defined on the resource identified by the Request-URI. All the WebDAV-Compliant resources must support the PROPFIND method.

As per the report by W3Techs Microsoft-IIS is used by 11.4% of all websites and version 6 is roughly around 1.3%.

8 million websites affected by a critical Buffer Overflow Vulnerability resides in IIS 6.0

Mitigations

  • Windows server that shipped with newer versions of IIS are not affected by this vulnerability.
  • As Microsoft ends support for IIS 6.0 already on July 14, 2015, there is no patch for this vulnerability.
  • In order to Mitigate the risk disabling the WebDAV service on the vulnerable IIS 6.0 installation is recommended.

Also read:

Latest articles

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting...

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ...

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to...

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities,...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip,...

Helldown Ransomware Attacking VMware ESXi And Linux Servers

Helldown, a new ransomware group, actively exploits vulnerabilities to breach networks, as since August...

Volt Typhoon Attacking U.S. Critical Infra To Maintain Persistent Access

Volt Typhoon, a Chinese state-sponsored threat actor, targets critical infrastructure sectors like communications, energy,...