The II6 6.0 zero-day flaw was discovered by two researchers with the Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou, China. The issue is caused by the improper validation of an IF header in a PROPFIND request and could allow an attacker to trigger a denial of service condition or to run arbitrary code. Microsoft has already acknowledged the vulnerability that was exploited in the wild in July or August 2016. The vulnerability doesnt affect newer versions of Microsoft Internet Information Services.”]
Source: http://securityaffairs.co/wordpress/57513/hacking/iis-6-0-zero-day.html