CVE-2017-11788
published 2017-11-15CVE-2017-11788: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and…
PriorityP343high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EPSS
7.93%
94.0th percentile
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft_corporation | windows_search | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_version_1709 | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_msrc5.9MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-59f6-jgp4-8r4h: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8
ghsa_unreviewed·2022-05-13
CVE-2017-11788 [HIGH] GHSA-59f6-jgp4-8r4h: Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".
Microsoft
Windows Search Denial of Service Vulnerability
vendor_msrc·2017-11-14·CVSS 5.9
CVE-2017-11788 [HIGH] Windows Search Denial of Service Vulnerability
Windows Search Denial of Service Vulnerability
Description: A denial of service vulnerability exists when Windows Search improperly handles objects in memory. An attacker who successfully exploited the vulnerability could cause a remote denial of service against a system.
To exploit the vulnerability, the attacker could send specially crafted messages to the Windows Search service. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through a Server Message Block (SMB) connection.
The security update addresses the vulnerability by correcting how Windows Search handles objects in memory.
Microsoft Windows Search Component: Microsoft Windows Search Component
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exp
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/101711http://www.securitytracker.com/id/1039792https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788http://www.securityfocus.com/bid/101711http://www.securitytracker.com/id/1039792https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11788
2017-11-15
Published