CVE-2017-8759
HIGH severity · CVSS 7.8 · Code injection · actively exploited (CISA KEV)
7.8CVSS HIGH ● exploited
🔴 Actively exploited in the wild (CISA Known Exploited Vulnerabilities).
Added to KEV 2021-11-03. US federal agencies must patch by 2022-05-03.
Summary
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Impact & exploitability
Attack vectorLocal
Attack complexityLow
Privileges requiredNone
User interactionRequired
Confidentiality impactHigh
Integrity impactHigh
Availability impactHigh
Exploit probability (EPSS)94%
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
This vulnerability is being actively exploited in the wild — patch affected products urgently. Open any affected product above for its exact safe version.
Official patch: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759 ↗
Additional information
- NVD record
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759Patch
- http://www.securityfocus.com/bid/100742Advisory
- http://www.securitytracker.com/id/1039324Advisory
- https://github.com/GitHubAssessments/CVE_Assessments_01_2020Advisory
- https://www.exploit-db.com/exploits/42711/Advisory
- http://www.securityfocus.com/bid/100742Advisory
- https://github.com/bhdresh/CVE-2017-8759Advisory
- https://github.com/nccgroup/CVE-2017-8759Advisory