Cyber Resilience

CVE-2017-7269

CriticalCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 27 March 2017

Published
27 March 2017
Modified
21 April 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9441 100.0th percentile
Risk Priority 96 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-7269 is a critical-severity Classic Buffer Overflow (CWE-120) vulnerability in Microsoft Internet Information Services. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2017-7269 is a buffer overflow vulnerability (CWE-120) in the ScStoragePathFromUrl function within the WebDAV service of Internet Information Services (IIS) 6.0, specifically affecting Microsoft Windows Server 2003 R2. The flaw is triggered by a specially crafted PROPFIND request containing a long "If: <http://" header, which can corrupt memory during path handling.

Remote attackers with network access can exploit the issue without authentication or user interaction to execute arbitrary code on the server, as reflected in its CVSS 3.1 base score of 9.8. The vulnerability was exploited in the wild as early as July or August 2016.

Public references document the issue through vulnerability databases and include proof-of-concept exploit code on GitHub, along with discussion of unofficial micropatch options for unsupported systems; no official vendor patch is referenced for the end-of-life platform.

EU & UK References

Vulnerability details

Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND…

more

request, as exploited in the wild in July or August 2016.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
internet information services
6.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of incoming HTTP headers (e.g., the long "If:" header) before they reach ScStoragePathFromUrl, preventing the buffer overflow.

prevent

Enforces memory-protection mechanisms (ASLR, DEP, etc.) that block successful exploitation of the overflow even if input validation fails.

prevent

Requires disabling or restricting the WebDAV service (and PROPFIND method) when not explicitly needed, eliminating the vulnerable attack surface on the EOL IIS 6.0 host.

References