Vulnerabilities > Microsoft > Internet Information Services

DATE CVE VULNERABILITY TITLE RISK
2017-03-27 CVE-2017-7269 Classic Buffer Overflow vulnerability in Microsoft Internet Information Services 6.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
network
low complexity
microsoft CWE-120
critical
9.8
2002-12-31 CVE-2002-1745 Off-by-one Error vulnerability in Microsoft Internet Information Services 5.0
Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5.0 allows remote attackers to view the source code for files with extensions containing with one additional character after .html, .htm, .asp, or .inc, such as .aspx files.
network
low complexity
microsoft CWE-193
7.5
2000-04-12 CVE-2000-0258 Improper Input Validation vulnerability in Microsoft products
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
network
low complexity
microsoft CWE-20
7.5