Kaspersky LabKLA10999KLA10999 Arbitrary code execution vulnerability in Microsoft IIS
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.7%
CVSS:
10.0
Detect date:
03/22/2017
Severity:
Critical
Description:
A buffer overflow vulnerability was found in in the WebDAV service in IIS (Internet Information Services) 6.0 in Microsoft Windows Server 2003 R2. By exploiting this vulnerability malicious users can execute arbitary code or cause a denial of service. This vulnerability can be exploited remotely via a long header beginning with βIf: <http://β in a PROPFIND request.
Affected products:
Microsoft Windows Server 2003 R2
Solution:
Follow the instructions from the solution link to install a micropatch.
0patch Blog
Original advisories:
Impacts:
ACE
Related products:
CVE-IDS:
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.7%