EXPLODINGCAN is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
- The remote host is running Windows Server 2003 and Internet Information Services (IIS) 6.0 with WebDAV enabled.
- It is, therefore,affected by a buffer overflow condition in the IIS WebDAV service due to improper handling of the ‘If’ header in a PROPFIND request.
- An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause a denial of service condition or the execution of arbitrary code.
- Solution : Windows Server 2003 and IIS 6.0 are no longer maintained or supported as per Microsoft advisory. Upgrade to a currently supported version of Microsoft Windows and IIS. Alternatively, disable either IIS or WebDAV.
- Original exploit metasploit module shared by Zhiniang Peng and Chen Wu can be Found here
- As per preventive steps , one should ensure if vulnerability exists with Nessus plugin Analysis and Plugin can be found here
- Github repository can be found here.