CVE-2017-8759

Warning

Exploit

EPSS 93.89%
Published 13.09.2017 01:29:12
Last modified 20.04.2025 01:37:25
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Affected products Warnungen 1 Metrics 4 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ .Net Framework Version4.5.2

   Microsoft ≫ Windows 7 Version- Updatesp1
   Microsoft ≫ Windows 8.1 Version-
   Microsoft ≫ Windows Rt 8.1 Version-
   Microsoft ≫ Windows Server 2008 Version- Updatesp2
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version3.5.1

Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 1507 Version-
   Microsoft ≫ Windows 10 1511 Version-
   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1703 Version-
   Microsoft ≫ Windows 8.1 Version-
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2
   Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ .Net Framework Version2.0 Updatesp2

Microsoft ≫ Windows Server 2008 Versionsp2

Microsoft ≫ .Net Framework Version4.6.1

Microsoft ≫ Windows 10 1511 Version-

Microsoft ≫ .Net Framework Version4.6

Microsoft ≫ Windows 10 1507 Version-
Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version4.7

Microsoft ≫ Windows 10 1703 Version-

Microsoft ≫ .Net Framework Version4.6

   Microsoft ≫ Windows 7 Version- Updatesp1
   Microsoft ≫ Windows Rt 8.1 Version-
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.6.1

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ .Net Framework Version4.7

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ .Net Framework Version4.7

Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows Server 2016 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft .NET Framework Remote Code Execution Vulnerability

Vulnerability

Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	93.89%	0.999

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.securityfocus.com/bid/100742

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1039324

Third Party Advisory

Broken Link

VDB Entry

https://github.com/GitHubAssessments/CVE_Assessments_01_2020

Third Party Advisory

https://github.com/bhdresh/CVE-2017-8759

Third Party Advisory