漏洞类别:Web server
漏洞等级: 
漏洞信息
Microsoft Internet Information Services (IIS) 6.0 is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. The ScStoragePathFromUrl function implemented in the WebDAV service on Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request<p>
Microsoft ended support for IIS 6.0 on July 14, 2015 and provides no further support for this application.
漏洞危害
Successful exploitation allows a remote, unauthenticated attacker to execute arbitrary code on a targeted server.
解决方案
Microsoft ended support for IIS 6.0 on July 14, 2015 and provides no further support for this application.
Upgrade to the latest supported version of Microsoft IIS. Refer to Microsoft IIS for more details.
0day
文章评论