CVE-2017-0095Improper Input Validation in Microsoft Windows 10

CWE-20Improper Input Validation5 documents3 sources
Severity
9.0CRITICALNVD
NVD7.6
EPSS
1.2%
top 21.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Microsoft Windows 10Msrc Windows 10 FOR X64-based SystemsMsrc Windows 10 Version 1511 FOR X64-based Systems+2 more
Timeline
PublishedMar 17
Latest updateMay 13

Description

Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021.

CVSS vector

CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 1.0 | Impact: 6.0

Affected Packages5 packages

NVDmicrosoft/windows_101511, 1607+1

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-53gh-w7rv-pj62: Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary2022-05-13
GHSA
GHSA-8ccm-hrvp-5w74: Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to ex2022-05-13

📋Vendor Advisories

1
Microsoft
Hyper-V vSMB Remote Code Execution Vulnerability2017-03-14