Vulnerability Name: CVE-2017-8759 (CCN-131476) Assigned: 2017-09-12 Published: 2017-09-12 Updated: 2018-01-14 Summary: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )7.0 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )7.0 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-20 Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2017-8759 Source: CCN Type: US-CERT VU#101048Microsoft .NET framework WSDL parser PrintClientProxy remote code execution vulnerability Source: BID Type: Third Party Advisory, VDB Entry100742 Source: CCN Type: BID-100742Microsoft Windows .NET Framework CVE-2017-8759 Remote Code Execution Vulnerability Source: SECTRACK Type: Third Party Advisory, VDB Entry1039324 Source: XF Type: UNKNOWNms-dotnet-cve20178759-code-exec(131476) Source: MISC Type: UNKNOWNhttps://github.com/bhdresh/CVE-2017-8759 Source: MISC Type: UNKNOWNhttps://github.com/GitHubAssessments/CVE_Assessments_01_2020 Source: MISC Type: UNKNOWNhttps://github.com/nccgroup/CVE-2017-8759 Source: CCN Type: Packet Storm Security [11-14-2017]Microsoft .NET Framework Remote Code Execution Source: CCN Type: Packet Storm Security [09-15-2017]Microsoft Windows .NET Framework Remote Code Execution Source: CCN Type: Microsoft Security TechCenter - September 2017.NET Framework Remote Code Execution Vulnerability Source: CONFIRM Type: Patch, Vendor Advisoryhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759 Source: CCN Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCYKNOWN EXPLOITED VULNERABILITIES CATALOG Source: EXPLOIT-DB Type: EXPLOITOffensive Security Exploit Database [09-13-2017] Source: EXPLOIT-DB Type: Third Party Advisory, VDB Entry42711 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5:-:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* OR cpe:/a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:*:sp2:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_7:-:sp1:*:*:ultimate_n:*:x86:* OR cpe:/o:microsoft:windows_7::sp1:x64:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* OR cpe:/o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:* OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:* OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:* OR cpe:/o:microsoft:windows_10:-:*:*:*:*:*:x32:* OR cpe:/o:microsoft:windows_10:::~~~~x64~:*:*:*:*:* OR cpe:/o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft .net framework 4.6.1
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft .net framework 2.0 sp2
microsoft .net framework 3.5
microsoft .net framework 3.5.1
microsoft .net framework 4.5.2
microsoft .net framework 4.6
microsoft .net framework 4.6.1
microsoft .net framework 4.6.2
microsoft .net framework 4.7
microsoft windows server 2008 sp2
microsoft windows server 2008 sp2
microsoft windows server 2008
microsoft windows 7 - sp1
microsoft windows 7 sp1
microsoft windows server 2008 r2
microsoft windows server 2008 r2
microsoft windows server 2012
microsoft windows 8.1 - -
microsoft windows 8.1
microsoft windows server 2012 r2
microsoft windows rt 8.1 -
microsoft windows 10 -
microsoft windows 10
microsoft windows server 2016