Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-8461Corporation Microsoft Windows vulnerability

5 documents4 sources
Severity
7.8HIGHNVD
EPSS
8.4%
top 7.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Corporation Microsoft Windows
Timeline
PublishedJun 15
Latest updateMay 13

Description

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft_corporation/microsoft_windowsWindows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2

Patches

Patch: support.microsoft.comPatch: support.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-3vvf-r92p-64xr: Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server w2022-05-13

💥Exploits & PoCs

1
Metasploit
Microsoft Windows RRAS Service MIBEntryGet Overflow

🕵️Threat Intelligence

2
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys2017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update2017-06-13
CVE-2017-8461 — HIGH severity | cvebase