vendor:
Windows Server 2003 R2
by:
Zhiniang Peng and Chen Wu
N/A
CVSS
HIGH
Buffer overflow
119
CWE
Product Name: Windows Server 2003 R2
Affected Version From: Windows Server 2003 R2
Affected Version To: Windows Server 2003 R2
Patch Exists: YES
Related CWE: Not mentioned
CPE: o:microsoft:windows_server_2003:r2
Platforms Tested:
2016
Buffer overflow in WebDAV service in IIS 6.0
The buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request.
Mitigation:
Apply the necessary security patches provided by Microsoft.