CVE-2017-8759

Warnung

Exploit

EPSS 93.89%
Veröffentlicht 13.09.2017 01:29:12
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ .Net Framework Version4.5.2

   Microsoft ≫ Windows 7 Version- Updatesp1
   Microsoft ≫ Windows 8.1 Version-
   Microsoft ≫ Windows Rt 8.1 Version-
   Microsoft ≫ Windows Server 2008 Version- Updatesp2
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version3.5.1

Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1

Microsoft ≫ .Net Framework Version3.5 Update-

   Microsoft ≫ Windows 10 1507 Version-
   Microsoft ≫ Windows 10 1511 Version-
   Microsoft ≫ Windows 10 1607 Version-
   Microsoft ≫ Windows 10 1703 Version-
   Microsoft ≫ Windows 8.1 Version-
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2
   Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ .Net Framework Version2.0 Updatesp2

Microsoft ≫ Windows Server 2008 Versionsp2

Microsoft ≫ .Net Framework Version4.6.1

Microsoft ≫ Windows 10 1511 Version-

Microsoft ≫ .Net Framework Version4.6

Microsoft ≫ Windows 10 1507 Version-
Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ .Net Framework Version4.7

Microsoft ≫ Windows 10 1703 Version-

Microsoft ≫ .Net Framework Version4.6

   Microsoft ≫ Windows 7 Version- Updatesp1
   Microsoft ≫ Windows Rt 8.1 Version-
   Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
   Microsoft ≫ Windows Server 2012 Version-
   Microsoft ≫ Windows Server 2012 Versionr2

Microsoft ≫ .Net Framework Version4.6.1

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ .Net Framework Version4.7

Microsoft ≫ .Net Framework Version4.6.2

Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows Server 2016 Version-

Microsoft ≫ .Net Framework Version4.7

Microsoft ≫ Windows 10 1607 Version-
Microsoft ≫ Windows Server 2016 Version-

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft .NET Framework Remote Code Execution Vulnerability

Schwachstelle

Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	93.89%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.securityfocus.com/bid/100742

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1039324

Third Party Advisory

Broken Link

VDB Entry

https://github.com/GitHubAssessments/CVE_Assessments_01_2020

Third Party Advisory

https://github.com/bhdresh/CVE-2017-8759

Third Party Advisory