Back to KEVs

CVE-2017-7269

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server...

Basic Information

CVE State
PUBLISHED
Reserved Date
March 26, 2017
Published Date
March 27, 2017
Last Updated
February 04, 2025
Vendor
Microsoft
Product
Internet Information Services (IIS)
Description
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If:
Tags
windows cisa nuclei_scanner metasploit_scanner

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

10.0

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2024-10-07 04:27:58 UTC) Source

References

https://www.exploit-db.com/exploits/41992/ http://www.securityfocus.com/bid/97127 https://medium.com/%40iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812 https://github.com/rapid7/metasploit-framework/pull/8162 https://github.com/danigargu/explodingcan http://www.securitytracker.com/id/1038168 https://www.exploit-db.com/exploits/41738/ https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html https://github.com/edwardz246003/IIS_exploit

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/iis/iis_webdav_scstoragepathfromurl.rb 2025-04-29 11:01:39 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-7269.yaml 2025-04-26 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

iis_webdav_scstoragepathfromurl

Type: metasploit • Created: Unknown

Metasploit module for CVE-2017-7269

AxthonyV/CVE-2017-7269

Type: github • Created: 2024-10-07 04:27:58 UTC • Stars: 0

PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6. This tool is designed for educational and research purposes to showcase how the vulnerability can be leveraged to execute arbitrary code on a remote server.

geniuszly/CVE-2017-7269

Type: github • Created: 2024-10-06 17:33:11 UTC • Stars: 4

is a PoC tool demonstrating an exploit for a known vulnerability in the WebDAV component of IIS6

VanishedPeople/CVE-2017-7269

Type: github • Created: 2024-08-07 16:45:02 UTC • Stars: 0

Cappricio-Securities/CVE-2017-7269

Type: github • Created: 2024-05-19 13:01:33 UTC • Stars: 0

Windows Server 2003 & IIS 6.0 - Remote Code Execution

denchief1/CVE-2017-7269

Type: github • Created: 2022-08-29 03:05:06 UTC • Stars: 0

CVE-2017-7269 implemented in C#

n3rdh4x0r/CVE-2017-7269

Type: github • Created: 2021-07-16 07:02:27 UTC • Stars: 5

ThanHuuTuan/CVE-2017-7269

Type: github • Created: 2019-08-09 10:01:50 UTC • Stars: 0

Al1ex/CVE-2017-7269

Type: github • Created: 2018-04-28 04:11:45 UTC • Stars: 12

g0rx/iis6-exploit-2017-CVE-2017-7269

Type: github • Created: 2017-04-05 23:21:12 UTC • Stars: 89

iis6 exploit 2017 CVE-2017-7269

caicai1355/CVE-2017-7269-exploit

Type: github • Created: 2017-03-29 12:52:54 UTC • Stars: 1

exec 8 bytes command

lcatro/CVE-2017-7269-Echo-PoC

Type: github • Created: 2017-03-29 11:20:19 UTC • Stars: 87

CVE-2017-7269 回显PoC ,用于远程漏洞检测..

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Detected by Metasploit