Microsoft IIS WebDav ScStoragePathFromUrl Overflow

Posted by deepcore on May 11, 2017 – 10:14 am

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with “If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Original exploit by Zhiniang Peng and Chen Wu.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« http://lpa.nfe.go.th QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 Authentication Bypass »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Microsoft IIS WebDav ScStoragePathFromUrl Overflow

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL