CVE-2017-0104 — Integer Overflow or Wraparound in Corporation Isns Server

CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

8.1HIGHNVD

EPSS

34.9%

top 2.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Isns Server Microsoft Windows Server 2008 Microsoft Windows Server 2012 +7 more

Timeline

PublishedMar 17

Latest updateMay 14

Description

The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability."

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages9 packages

▶msrcmsrc/windows_server_2008_for_32-bit_systems_service_pack_2

▶msrcmsrc/windows_server_2008_for_x64-based_systems_service_pack_2

▶msrcmsrc/windows_server_2008_r2_for_x64-based_systems_service_pack_1

▶msrcmsrc/windows_server_2008_r2_for_itanium-based_systems_service_pack_1

▶msrcmsrc/windows_server_2012

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-3fh7-pmqp-67hr: The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers↗2022-05-14

▶

📋Vendor Advisories

Microsoft

iSNS Server Memory Corruption Vulnerability↗2017-03-14

▶

🕵️Threat Intelligence

Fortinet

iSNS Server Memory Corruption Vulnerability in Microsoft Windows Server↗2017-03-23

▶