Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0160 — Corporation NET Framework vulnerability

8 documents7 sources

Severity

7.8HIGHNVD

EPSS

13.0%

top 5.90%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Corporation NET Framework Microsoft NET Framework

Timeline

PublishedApr 12

Latest updateMay 13

Description

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/net_framework8 versions+7

▶CVEListV5microsoft_corporation/net_framework.NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-fp95-p83c-7h99: Microsoft↗2022-05-13

▶

CVEList

CVE-2017-0160: Microsoft↗2017-04-12

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution↗2017-04-20

▶

📋Vendor Advisories

Microsoft

.NET Framework Remote Code Execution Vulnerability↗2017-04-11

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday - April 2017↗2017-04-12

▶

📄Research Papers

CTF

tr2-ssl-0day-20 / README↗2017

▶