The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IIS

computer vulnerability note 22479

Windows 2003: code execution via IIS

Synthesis of the vulnerability

An attacker can exploit a vulnerability in IIS of Windows 2003, in order to run code.
Impacted products: IIS, Windows 2003.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 18/04/2017.
Identifiers: VIGILANCE-VUL-22479.

Description of the vulnerability

An attacker can exploit a vulnerability in IIS of Windows 2003, in order to run code.

computer vulnerability announce CVE-2017-7269

Microsoft IIS: buffer overflow via ScStoragePathFromUrl

Synthesis of the vulnerability

An attacker can generate a buffer overflow in the routine ScStoragePathFromUrl() of Microsoft IIS, in order to trigger a denial of service, and possibly to run code.
Impacted products: IIS.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server, denial of service on service.
Provenance: internet client.
Creation date: 27/03/2017.
Identifiers: CVE-2017-7269, VIGILANCE-VUL-22257.

Description of the vulnerability

The Microsoft IIS product is an HTTP server.

It accepts the PROPFIND command as defined in the WebDAV extensions for HTTP. However, the size of the "If" header of a PROPFIND request is not correctly checked by the routine ScStoragePathFromUrl() before a copy attempt.

An attacker can therefore generate a buffer overflow in the routine ScStoragePathFromUrl() of Microsoft IIS, in order to trigger a denial of service, and possibly to run code.

vulnerability announce CVE-2017-0001 CVE-2017-0005 CVE-2017-0007

Windows: vulnerabilities of March 2017

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.
Impacted products: IIS, Windows 10, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista, Windows XP.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, data reading, data creation/edition, denial of service on server, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 82.
Creation date: 14/03/2017.
Revision date: 22/03/2017.
Identifiers: 1019, 1021, 1022, 1023, 1025, 1027, 1028, 1029, 1030, 1031, 1042, 1052, 1053, 1054, 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, 993, CERTFR-2017-AVI-082, CERTFR-2017-AVI-154, CVE-2017-0001, CVE-2017-0005, CVE-2017-0007, CVE-2017-0008, CVE-2017-0014, CVE-2017-0016, CVE-2017-0021, CVE-2017-0022, CVE-2017-0023, CVE-2017-0024, CVE-2017-0025, CVE-2017-0026, CVE-2017-0039, CVE-2017-0042, CVE-2017-0043, CVE-2017-0045, CVE-2017-0047, CVE-2017-0050, CVE-2017-0051, CVE-2017-0055, CVE-2017-0056, CVE-2017-0057, CVE-2017-0060, CVE-2017-0061, CVE-2017-0062, CVE-2017-0063, CVE-2017-0072, CVE-2017-0073, CVE-2017-0074, CVE-2017-0075, CVE-2017-0076, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082, CVE-2017-0083, CVE-2017-0084, CVE-2017-0085, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, CVE-2017-0090, CVE-2017-0091, CVE-2017-0092, CVE-2017-0095, CVE-2017-0096, CVE-2017-0097, CVE-2017-0098, CVE-2017-0099, CVE-2017-0100, CVE-2017-0101, CVE-2017-0102, CVE-2017-0103, CVE-2017-0104, CVE-2017-0108, CVE-2017-0109, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, CVE-2017-0128, CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-22132, ZDI-17-168.

Description of the vulnerability

An attacker can use several vulnerabilities of Microsoft products.

The document located in information sources was generated by Vigil@nce from the Microsoft database. It contains details for each product.

vulnerability announce CVE-2017-2997 CVE-2017-2998 CVE-2017-2999

Adobe Flash Player: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Adobe Flash Player.
Impacted products: Flash Player, IIS, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 14/03/2017.
Revision date: 22/03/2017.
Identifiers: 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, 4014329, APSB17-07, CERTFR-2017-AVI-077, CVE-2017-2997, CVE-2017-2998, CVE-2017-2999, CVE-2017-3000, CVE-2017-3001, CVE-2017-3002, CVE-2017-3003, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, MS17-023, RHSA-2017:0526-01, SUSE-SU-2017:0703-1, VIGILANCE-VUL-22122, ZDI-17-174, ZDI-17-175, ZDI-17-176, ZDI-17-177, ZDI-17-178, ZDI-17-179, ZDI-17-287.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Flash Player.

An attacker can generate a buffer overflow, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2997]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2998]

An attacker can generate a memory corruption, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-2999]

An attacker can predict a random value, in order to obtain sensitive information. [severity:2/4; CVE-2017-3000]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-3001, ZDI-17-174, ZDI-17-175, ZDI-17-176, ZDI-17-177, ZDI-17-178, ZDI-17-179]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-3002]

An attacker can force the usage of a freed memory area, in order to trigger a denial of service, and possibly to run code. [severity:4/4; CVE-2017-3003]

computer vulnerability announce CVE-2017-0038

Microsoft Windows: information disclosure via gdi32.dll

Synthesis of the vulnerability

A local attacker can trigger a read-only buffer overflow in gdi32.dll of Microsoft Windows via a data structure of type EMR_SETDIBITSTODEVICE, in order to get sensitive information.
Impacted products: IIS, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 15/02/2017.
Identifiers: 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, 992, CERTFR-2017-ALE-002, CVE-2017-0038, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-21837.

Description of the vulnerability

A local attacker can trigger a read-only buffer overflow in gdi32.dll of Microsoft Windows via a data structure of type EMR_SETDIBITSTODEVICE, in order to get sensitive information.

The bulletin VIGILANCE-VUL-19887 indicates a similar vulnerability (CVE-2016-3216), which has been fixed as announced in MS16-074.

computer vulnerability bulletin CVE-2016-7274

Windows: memory corruption via Uniscribe

Synthesis of the vulnerability

An attacker can generate a memory corruption via Uniscribe of Windows, in order to trigger a denial of service, and possibly to run code.
Impacted products: IIS, Windows 10, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 2016, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights, denial of service on server, denial of service on service.
Provenance: document.
Creation date: 14/12/2016.
Identifiers: 3204063, 3208223, 4010318, 4010319, 4010320, 4010321, 4013074, 4013075, 4013076, 4013078, 4013081, 4013082, 4013083, 4013389, CERTFR-2016-AVI-416, CVE-2016-7274, MS16-147, MS17-008, MS17-009, MS17-010, MS17-011, MS17-012, MS17-013, MS17-016, MS17-017, MS17-018, MS17-019, MS17-020, MS17-021, MS17-022, VIGILANCE-VUL-21368.

Description of the vulnerability

An attacker can generate a memory corruption via Uniscribe of Windows, in order to trigger a denial of service, and possibly to run code.

vulnerability bulletin CVE-2016-1000104 CVE-2016-1000105 CVE-2016-1000107

Web servers: creating client queries via the Proxy header

Synthesis of the vulnerability

An attacker can send a query with a malicious Proxy header to a web service hosting a CGI script that creates web client queries, so that these queries go through the attacker's proxy.
Impacted products: Apache httpd, Tomcat, Mac OS X, Debian, Drupal Core, eZ Publish, Fedora, HP-UX, QRadar SIEM, Junos Space, NSM Central Manager, NSMXpress, lighttpd, IIS, nginx, openSUSE, openSUSE Leap, Oracle Communications, Solaris, Perl Module ~ not comprehensive, PHP, Python, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, TrendMicro ServerProtect, TYPO3 Core, Ubuntu, Varnish.
Severity: 3/4.
Consequences: data reading, denial of service on service.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 12.
Creation date: 18/07/2016.
Identifiers: 1117414, 1994719, 1994725, 1999671, APPLE-SA-2017-09-25-1, bulletinjul2017, bulletinoct2016, c05324759, CERTFR-2016-AVI-240, CERTFR-2017-AVI-012, CERTFR-2017-AVI-022, cpujan2018, CVE-2016-1000104, CVE-2016-1000105, CVE-2016-1000107, CVE-2016-1000108, CVE-2016-1000109, CVE-2016-1000110, CVE-2016-1000111, CVE-2016-1000212, CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388, DLA-553-1, DLA-568-1, DLA-583-1, DLA-749-1, DRUPAL-SA-CORE-2016-003, DSA-3623-1, DSA-3631-1, DSA-3642-1, EZSA-2016-001, FEDORA-2016-07e9059072, FEDORA-2016-2c324d0670, FEDORA-2016-340e361b90, FEDORA-2016-4094bd4ad6, FEDORA-2016-4e7db3d437, FEDORA-2016-604616dc33, FEDORA-2016-683d0b257b, FEDORA-2016-970edb82d4, FEDORA-2016-9c8cf5912c, FEDORA-2016-9de7253cc7, FEDORA-2016-9fd814a7f2, FEDORA-2016-9fd9bfab9e, FEDORA-2016-a29c65b00f, FEDORA-2016-aef8a45afe, FEDORA-2016-c1b01b9278, FEDORA-2016-df0726ae26, FEDORA-2016-e2c8f5f95a, FEDORA-2016-ea5e284d34, HPSBUX03665, HT207615, HT208144, HT208221, httpoxy, JSA10770, JSA10774, openSUSE-SU-2016:1824-1, openSUSE-SU-2016:2054-1, openSUSE-SU-2016:2055-1, openSUSE-SU-2016:2115-1, openSUSE-SU-2016:2120-1, openSUSE-SU-2016:2252-1, openSUSE-SU-2016:2536-1, openSUSE-SU-2016:3092-1, openSUSE-SU-2016:3157-1, openSUSE-SU-2017:0223-1, RHSA-2016:1420-01, RHSA-2016:1421-01, RHSA-2016:1422-01, RHSA-2016:1538-01, RHSA-2016:1609-01, RHSA-2016:1610-01, RHSA-2016:1611-01, RHSA-2016:1612-01, RHSA-2016:1613-01, RHSA-2016:1624-01, RHSA-2016:1626-01, RHSA-2016:1627-01, RHSA-2016:1628-01, RHSA-2016:1629-01, RHSA-2016:1630-01, RHSA-2016:1635-01, RHSA-2016:1636-01, RHSA-2016:1648-01, RHSA-2016:1649-01, RHSA-2016:1650-01, RHSA-2016:1978-01, RHSA-2016:2045-01, RHSA-2016:2046-01, SSA:2016-203-02, SSA:2016-358-01, SSA:2016-363-01, SUSE-SU-2017:1632-1, SUSE-SU-2017:1660-1, SUSE-SU-2019:0223-1, USN-3038-1, USN-3045-1, USN-3134-1, USN-3177-1, USN-3177-2, USN-3585-1, VIGILANCE-VUL-20143, VU#797896.

Description of the vulnerability

Most web servers support CGI scripts (PHP, Python, etc.).

According to RFC 3875, when a web server receives a Proxy header, it has to create the HTTP_PROXY environment variable for CGI scripts.

However, this variable is also used to store the name of the proxy that web clients have to use. PHP scripts (via Guzzle, Artax, etc.) and Python scripts will thus use the proxy indicated in the web query for all client queries they send during the CGI session.

An attacker can therefore send a query with a malicious Proxy header to a web service hosting a CGI script that creates web client queries, so that these queries go through the attacker's proxy.

vulnerability announce CVE-2016-0152

IIS: privilege escalation via DLL Loading

Synthesis of the vulnerability

A local attacker can store a malicious library in the path, in order to execute code with IIS privileges.
Impacted products: IIS, Windows 2008 R0, Windows Vista.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights.
Provenance: user shell.
Creation date: 10/05/2016.
Identifiers: 3141083, CERTFR-2016-AVI-164, CVE-2016-0152, MS16-058, VIGILANCE-VUL-19582.

Description of the vulnerability

When IIS processes some documents, it loads an additional DLL.

However, this DLL is loaded from the current directory.

A local attacker can therefore store a malicious library in the path, in order to execute code with IIS privileges.

computer vulnerability announce CVE-2015-1635

Windows: code execution via HTTP.sys

Synthesis of the vulnerability

An attacker can send web queries to a service using HTTP.sys of Windows, such as IIS, in order to execute code.
Impacted products: IIS, Windows 2008 R2, Windows 2012, Windows 7, Windows 8.
Severity: 4/4.
Consequences: administrator access/rights, privileged access/rights, user access/rights.
Provenance: internet client.
Creation date: 14/04/2015.
Revision date: 17/04/2015.
Identifiers: 3042553, CERTFR-2015-AVI-152, CVE-2015-1635, MS15-034, VIGILANCE-VUL-16597.

Description of the vulnerability

The Windows product uses the HTTP.sys driver to process HTTP queries.

However, a malicious query leads to code execution in HTTP.sys. The vulnerability is related to the processing of the Range header of HTTP.

An attacker can therefore send web queries to a service using HTTP.sys of Windows, such as IIS, in order to execute code.

vulnerability note CVE-2015-1648

Microsoft .NET: information disclosure via customErrors

Synthesis of the vulnerability

An attacker can generate an error in a Microsoft .NET/ASP.NET application, in order to obtain sensitive information.
Impacted products: IIS, .NET Framework, Windows 2003, Windows 2008 R0, Windows 2008 R2, Windows 2012, Windows 7, Windows 8, Windows RT, Windows Vista.
Severity: 2/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 14/04/2015.
Identifiers: 3048010, CERTFR-2015-AVI-159, CVE-2015-1648, MS15-041, VIGILANCE-VUL-16604.

Description of the vulnerability

Microsoft .NET uses the ASP.NET customErrors directive to define the type of error messages to be displayed.

However, when the customErrors mode is disabled, an attacker can trigger an error in order to read details about the application.

An attacker can therefore generate an error in a Microsoft .NET/ASP.NET application, in order to obtain sensitive information.