Actively exploited zero-day in IIS 6.0 affects 60,000+ servers

Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited by threat actors at this very moment. It is a buffer overflow flaw in a function in the WebDAV service in IIS 6.0 in Microsoft Windows Server 2003 R2, and can be triggered by attackers sending a overlong IF header in a PROPFIND request.

Source: Actively exploited zero-day in IIS 6.0 affects 60,000+ servers

Rate this:

Posted

March 30, 2017

Uncategorized

Nathan Cocker

Tags:

Comments

Leave a Reply Cancel reply

Enter your comment here…

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

Actively exploited zero-day in IIS 6.0 affects 60,000+ servers

Rate this:

Share this:

Like this:

Comments

Leave a Reply Cancel reply