Microsoft Internet Information Services CVE-2017-7269 Buffer Overflow Vulnerability

Microsoft Internet Information Services is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Attackers can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.

Microsoft Internet Information Services 6.0 running on Microsoft Windows Server 2003 R2 is vulnerable; other versions may also be affected.

Information

Bugtraq ID: 97127
Class: Boundary Condition Error
CVE: CVE-2017-7269

Remote: Yes
Local: No
Published: Mar 26 2017 12:00AM
Updated: Aug 10 2017 05:10PM
Credit: Zhiniang Peng and Chen Wu
Vulnerable: Siemens SPECT/CT Systems 0
Siemens SPECT Workplaces/Symbia.net 0
Siemens SPECT Systems 0
Siemens PET/CT Systems 0
Microsoft Windows Server 2003 R2
Microsoft Internet Information Services 6

Not Vulnerable:

Exploit

Reports indicate that this issue is being exploited in the wild. Please see the references for more information.

The following exploit is available:

• /data/vulnerabilities/exploits/97127.py

References:

• Microsoft Homepage (Microsoft)
  
• CVE-2017-7269 (GitHub)
  
• ICSMA-17-215-01: Siemens Molecular Imaging Vulnerabilities (CERT)
  

Source: www.securityfocus.com