⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions..

CVE-2017-8759 — Code Injection in Corporation Microsoft NET Framework

CWE-94 — Code Injection CWE-20 — Improper Input Validation24 documents13 sources

Severity

7.8HIGHNVD

EPSS

94.0%

top 0.11%

CISA KEV

KEV

Added 2021-11-03

Due 2022-05-03

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Corporation Microsoft NET Framework Microsoft NET Framework

Timeline

PublishedSep 13

KEV addedNov 3

KEV dueMay 3

Latest updateMay 14

CISA Required Action: Apply updates per vendor instructions.

Description

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDmicrosoft/net_framework8 versions+7

▶CVEListV5microsoft_corporation/microsoft_net_frameworkMicrosoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-rc4w-p9f6-7c7q: Microsoft↗2022-05-14

▶

CVEList

CVE-2017-8759: Microsoft↗2017-09-13

▶

VulnCheck

Microsoft .NET Framework Remote Code Execution Vulnerability↗2017

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows .NET Framework - Remote Code Execution↗2017-09-13

▶

🔍Detection Rules

Suricata

ET EXPLOIT Possible CVE-2017-8759 Soap File DL Over FTP↗2017-09-20

▶

Suricata

ET EXPLOIT Possible CVE-2017-8759 Soap File DL↗2017-09-13

▶

YARA

CVE_2017_8759_SOAP_txt↗

▶

YARA

CVE_2017_8759_Mal_Doc↗

▶

YARA

CVE_2017_8759_SOAP_Excel↗

▶

📋Vendor Advisories

CISA

Microsoft .NET Framework Remote Code Execution Vulnerability↗2021-11-03

▶

Microsoft

.NET Framework Remote Code Execution Vulnerability↗2017-09-12

▶

🕵️Threat Intelligence

Trendmicro

Cobalt Strikes Again, Spam Runs Target Russian Banks↗2017-11-20

▶

Trendmicro

September Patch Tuesday Fixes MS Office Zero-Day↗2017-09-13

▶

Krebs

Adobe, Microsoft Plug Critical Security Holes – Krebs on Security↗2017-09-01

▶

💬Community

Bugzilla

CVE-2017-17740 openldap: contrib/slapd-modules/nops/nops.c attempts to free stack buffer allowing remote attackers to cause a denial of service↗2017-12-18

▶