Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-8487Corporation Microsoft Windows vulnerability

8 documents6 sources
Severity
7.8HIGHNVD
EPSS
69.2%
top 1.35%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Corporation Microsoft Windows
Timeline
PublishedJun 15
Latest updateMay 13

Description

Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Windows olecnv32.dll Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

CVEListV5microsoft_corporation/microsoft_windowsWindows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2

Patches

Patch: support.microsoft.comPatch: support.microsoft.com

🔴Vulnerability Details

2
GHSA
GHSA-84p6-78m2-238m: Windows OLE in Windows XP and Windows Server 2003 allows an attacker to execute code when a victim opens a specially crafted file or program aka "Wind2022-05-13
VulnCheck
Windows olecnv32.dll Remote Code Execution Vulnerability2017

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows - 'IOCTL 0x390400_ operation code 0x00020000' Kernel KsecDD Pool Memory Disclosure2017-06-21

🕵️Threat Intelligence

4
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update | Qualys2017-06-13
Qualys
Microsoft Fixes 94 Security Issues in Massive June Update2017-06-13
Recorded Future
China's Influence on National Network Vulnerability Publications | Recorded Future
Recorded Future
China's Influence on National Network Vulnerability Publications
CVE-2017-8487 — HIGH severity | cvebase