CVE-2017-8759 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADP	ADP	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 99%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	4.5.2
microsoft	.net_framework	3.5.1
microsoft	.net_framework	3.5
microsoft	.net_framework	2.0:sp2
microsoft	.net_framework	4.6.1
microsoft	.net_framework	4.6
microsoft	.net_framework	4.7
microsoft	.net_framework	4.6
microsoft	.net_framework	4.6.1
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4038781
1511 (x64, x86)	KB4038783
1607 (x64, x86)	KB4038782
1703 (x64, x86)	KB4038788

Windows 7

Service Pack 1 (x64, x86)	KB4040973
Service Pack 1 (x64, x86)	KB4040980
Service Pack 1 (x64, x86)	KB4040977

Windows 8.1

(x64, x86)	KB4040972
(x64, x86)	KB4040981
(x64, x86)	KB4040974

Windows RT 8.1

All	KB4040972
All	KB4040974

Windows Server 2008

Service Pack 2 (x64, x86)	KB4040978
Service Pack 2 (x64, x86)	KB4040973
Service Pack 2 (x64, x86)	KB4040977

Windows Server 2008 R2

Service Pack 1 (x64)	KB4040980
Service Pack 1 (x64)	KB4040973
Service Pack 1 (x64)	KB4040977
Service Pack 1 Server Core (x64)	KB4040973
Service Pack 1 Server Core (x64)	KB4040980
Service Pack 1 Server Core (x64)	KB4040977

Windows Server 2012

Server Core	KB4040971
Server Core	KB4040979
Server Core	KB4040975
Standard	KB4040971
Standard	KB4040979
Standard	KB4040975

Windows Server 2012 R2

Server Core	KB4040972
Server Core	KB4040974
Standard	KB4040972
Standard	KB4040981
Standard	KB4040974

Windows Server 2016

Server Core	KB4038782
Standard	KB4038782

Known Exploits!

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References

http://www.securityfocus.com/bid/100742

http://www.securitytracker.com/id/1039324

https://github.com/GitHubAssessments/CVE_Assessments_01_2020

https://github.com/bhdresh/CVE-2017-8759

https://github.com/nccgroup/CVE-2017-8759

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759

https://www.exploit-db.com/exploits/42711/

http://www.securityfocus.com/bid/100742

http://www.securitytracker.com/id/1039324

https://github.com/GitHubAssessments/CVE_Assessments_01_2020

https://github.com/bhdresh/CVE-2017-8759

https://github.com/nccgroup/CVE-2017-8759

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759

https://www.exploit-db.com/exploits/42711/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8759