Remote Code Execution Risk in Microsoft Internet Information Services 6.0
CVE-2007-2897

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Server
Vendor: CVE Published:; 30 May 2007

What is CVE-2007-2897?

Microsoft Internet Information Services (IIS) 6.0 is susceptible to vulnerabilities that could lead to server instability or even device hangs. Attackers can exploit this vulnerability by sending specific requests to URIs that include DOS device names, like '/AUX/.aspx', allowing them to bypass security restrictions. This could result in the exposure of sensitive information and, with physical access, may enable execution of arbitrary code through device communication streams.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34418

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/fulldisclosure/200...

mailing-listx_refsource_FULLDISC

http://seclists.org/fulldisclosure/2007/May/0378.html

mailing-listx_refsource_FULLDISC

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 30, 2007
Vulnerability Reserved
May 29, 2007