Microsoft IIS 6.0 WebDAV Buffer Overflow - Vulnerability Database

Microsoft IIS 6.0 WebDAV Buffer Overflow

Description

Microsoft Internet Information Services (IIS) 6.0 contains a critical buffer overflow vulnerability in its WebDAV (Web Distributed Authoring and Versioning) extension. This flaw allows remote attackers to execute arbitrary code on the server without authentication by sending a maliciously crafted HTTP request containing an overly long header value. The vulnerability affects the ScStoragePathFromUrl function in the WebDAV service and has been actively exploited in the wild.

Remediation

Immediately disable the WebDAV Web Service Extension on all IIS 6.0 servers. To disable WebDAV:

1. Open the IIS Manager (Start > Administrative Tools > Internet Information Services Manager)
2. Expand the local computer node and select "Web Service Extensions"
3. Locate "WebDAV" in the list of extensions
4. Right-click on "WebDAV" and select "Prohibit" (or select it and click the "Prohibit" button)
5. Verify the status changes to "Prohibited"
6. Restart the IIS service for changes to take effect

If WebDAV functionality is required for business operations, immediately migrate to a supported version of IIS (IIS 8.5 or later on Windows Server 2012 R2 or newer). Note that IIS 6.0 reached end-of-life in July 2015 and no longer receives security updates from Microsoft. As a temporary mitigation if immediate upgrade is not possible, implement network-level access controls to restrict HTTP/HTTPS access to the server from trusted IP addresses only.
