Security@Speaks

Affected Product:  IIS 6.0 for Microsoft Windows Server 2003 R2 This vulnerability was discovered by Zhiniang Peng and Chen Wu. (Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou), China around July or August 2016. Description: Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016. Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. Specifically, this issue affects the 'ScStoragePathFromUrl' function in the 'WebDAV' service. An attacker can exploit this issue through a spe...