CVE-2017-8565
published 2017-07-11CVE-2017-8565: Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511…
PriorityP357high8.1CVSS 3.0
AVNACHPRNUINSUCHIHAH
EPSS
17.52%
96.8th percentile
Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2012 | — | — |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1511 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1703 | — | — |
| msrc | windows_7 | — | — |
| msrc | windows_8.1 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
CVSS provenance
nvdv3.08.1HIGHCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows PowerShell Remote Code Execution Vulnerability
vendor_msrc·2017-07-11·CVSS 7.5
CVE-2017-8565 [HIGH] Windows PowerShell Remote Code Execution Vulnerability
Windows PowerShell Remote Code Execution Vulnerability
Description: A remote code execution vulnerability exists in PowerShell when PSObject wraps a CIM Instance. An attacker who successfully exploited this vulnerability could execute malicious code on a vulnerable system.
In an attack scenario, an attacker could execute malicious code in a PowerShell remote session.
The update addresses the vulnerability by correcting how PowerShell deserializes user supplied scripts.
Microsoft PowerShell: Microsoft PowerShell
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4025338
Reference: https://
GHSA
GHSA-9p7g-5mxf-5954: Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
ghsa_unreviewed·2022-05-13
CVE-2017-8565 [HIGH] GHSA-9p7g-5mxf-5954: Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8
Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability when PSObject wraps a CIM Instance, aka "Windows PowerShell Remote Code Execution Vulnerability".
No detection rules found.
No public exploits indexed.
http://www.securityfocus.com/bid/99394http://www.securitytracker.com/id/1038854https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8565http://www.securityfocus.com/bid/99394http://www.securitytracker.com/id/1038854https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8565
2017-07-11
Published