Chen Wu

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Server 2003 R2 **Description** The issue is caused by a buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0. This allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request. The vulnerability has been exploited in the wild. **Recommendations** For Microsoft Windows Server 2003 R2, apply the necessary patch to fix the buffer overflow vulnerability in the ScStoragePathFromUrl function. As a temporary workaround, consider restricting access to the WebDAV service in IIS 6.0 to minimize the risk of exploitation. Avoid using the `If` header with long URLs in PROPFIND requests until the issue is resolved.