CVE-2017-0294 — Corporation Microsoft Windows vulnerability

6 documents5 sources

Severity

7.8HIGHNVD

EPSS

28.7%

top 3.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

16

Microsoft Corporation Microsoft Windows Microsoft Windows 10 Microsoft Windows Server 2008 +13 more

Timeline

PublishedJun 15

Latest updateMay 13

Description

Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute remote code when Windows fails to properly handle cabinet files, aka "Windows Remote Code Execution Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages15 packages

▶msrcmsrc/windows_server_2008

▶msrcmsrc/windows_server_2012

▶msrcmsrc/windows_server_2016

▶msrcmsrc/windows_server_2008_r2

▶msrcmsrc/windows_server_2012_r2

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

1

GHSA

GHSA-55gr-xccq-vgw3: Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8↗2022-05-13

▶

📋Vendor Advisories

1

Microsoft

Windows Remote Code Execution Vulnerability↗2017-06-13

▶

🕵️Threat Intelligence

2

Talos

Microsoft Patch Tuesday - June 2017↗2017-06-13

▶

Talos

Vulnerability Spotlight: Randombit Botan Library X509 Certificate Validation Bypass Vulnerability↗2017-04-28

▶

💬Community

1

Bugzilla

CVE-2017-15089 infinispan: Unsafe deserialization of malicious object injected into data cache↗2017-10-18

▶

CVE-2017-0294 — HIGH severity | cvebase