Vulnerability Details CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.939
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
Proposed Action
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
Ransomware Campaign
Unknown
References
- http://www.securityfocus.com/bid/100742
- http://www.securitytracker.com/id/1039324
- https://github.com/GitHubAssessments/CVE_Assessments_01_2020
- https://github.com/bhdresh/CVE-2017-8759
- https://github.com/nccgroup/CVE-2017-8759
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759
- https://www.exploit-db.com/exploits/42711/
- http://www.securityfocus.com/bid/100742
- http://www.securitytracker.com/id/1039324
- https://github.com/GitHubAssessments/CVE_Assessments_01_2020
- https://github.com/bhdresh/CVE-2017-8759
- https://github.com/nccgroup/CVE-2017-8759
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759
- https://www.exploit-db.com/exploits/42711/
Products affected by CVE-2017-8759
-
cpe:2.3:a:microsoft:.net_framework:2.0
-
cpe:2.3:a:microsoft:.net_framework:3.5
-
cpe:2.3:a:microsoft:.net_framework:3.5.1
-
cpe:2.3:a:microsoft:.net_framework:4.5.2
-
cpe:2.3:a:microsoft:.net_framework:4.6
-
cpe:2.3:a:microsoft:.net_framework:4.6.1
-
cpe:2.3:a:microsoft:.net_framework:4.6.2
-
cpe:2.3:a:microsoft:.net_framework:4.7
-
cpe:2.3:o:microsoft:windows_10_1507:-
-
cpe:2.3:o:microsoft:windows_10_1511:-
-
cpe:2.3:o:microsoft:windows_10_1607:-
-
cpe:2.3:o:microsoft:windows_10_1703:-
-
cpe:2.3:o:microsoft:windows_7:-
-
cpe:2.3:o:microsoft:windows_8.1:-
-
cpe:2.3:o:microsoft:windows_rt_8.1:-
-
cpe:2.3:o:microsoft:windows_server_2008:-
-
cpe:2.3:o:microsoft:windows_server_2008:r2
-
cpe:2.3:o:microsoft:windows_server_2008:sp2
-
cpe:2.3:o:microsoft:windows_server_2012:-
-
cpe:2.3:o:microsoft:windows_server_2012:r2
-
cpe:2.3:o:microsoft:windows_server_2016:-