Microsoft Windows Server 2003 R2 IIS 6.0 WebDAV PROPFIND Request Handling RCE (EXPLODINGCAN)
Critical Nessus Plugin ID 99281
Synopsis
The remote Windows host is affected by a remote code execution vulnerability.
Description
The remote host is running Windows Server 2003 R2 and Internet Information Services (IIS) 6.0 with WebDAV enabled. It is, therefore, affected by a buffer overflow condition in the IIS WebDAV service due to improper handling of the 'If' header in a PROPFIND request. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition or the execution of arbitrary code.
EXPLODINGCAN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
Solution
Windows Server 2003 R2 and IIS 6.0 are no longer maintained or supported by Microsoft. Upgrade to a currently supported version of Microsoft Windows and IIS. Alternatively, disable either IIS or WebDAV.