CVE-2017-11885

EUVD-2017-3480
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
NETWORK
HIGH
HIGH
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10
-
microsoftwindows_7
-
microsoftwindows_8.1
*
microsoftwindows_rt_8.1
-
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
-
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB4053581
1511 (x64, x86)
KB4053578
1607 (x64, x86)
KB4053579
1703 (x64, x86)
KB4053580
1709 (x64, x86)
KB4054517
Windows 7
Service Pack 1 (x64, x86)
KB4054521
Windows 8.1
(x64, x86)
KB4054519
Windows RT 8.1
All
KB4054519
Windows Server
1709 Server Core
KB4054517
Windows Server 2008
Service Pack 2 (x64)
KB4052303
Service Pack 2 Server Core (x64, x86)
KB4052303
Windows Server 2008 R2
Service Pack 1 (x64)
KB4054521
Service Pack 1 Server Core (x64)
KB4054521
Windows Server 2012
Server Core
KB4054523
Standard
KB4054523
Windows Server 2012 R2
Server Core
KB4054519
Standard
KB4054519
Windows Server 2016
Server Core
KB4053579
Standard
KB4053579
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/102055
http://www.securitytracker.com/id/1039987
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885
https://www.exploit-db.com/exploits/44616/
http://www.securityfocus.com/bid/102055
http://www.securitytracker.com/id/1039987
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11885
https://www.exploit-db.com/exploits/44616/