Internet Information Services is an extensible web server made by Microsoft for use with the Windows NT family.IIS can help you achieve better performance, reliability, scalability, and security for your websites.
The IIS6.0 zero-day flaw was found by two scientists with the Information Security Lab and School of Computer Science and Engineering, South China University of Technology Guangzhou, China who distributed a POC code misuse on GitHub.
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If:
A remote attacker could misuse this exploit in the IIS WebDAV Component with a crafted request utilizing PROPFIND technique. Successful exploitation could result in denial of service attack or arbitrary code execution with regards to the client running the application.
Successful exploitation could result in denial of service attack or arbitrary code execution with regards to the client running the application.As per analysis from Trend Micro.
According to researchers, the vulnerability was exploited in wild of June or July and it was disclosed publically by March 27.
Web Distributed Authoring and Versioning (WebDAV) is an extension of the HTTP protocol that permits customers to perform remote Web content authoring operations.
This vulnerability is exploited using the PROPFIND method and IF header. The PROPFIND method retrieves properties defined on the resource identified by the Request-URI. All the WebDAV-Compliant resources must support the PROPFIND method.
As per the report by W3Techs Microsoft-IIS is used by 11.4% of all websites and version 6 is roughly around 1.3%.
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…