← Back

CVE-2017-8759

nvd nist
Published: Sep 13, 2017Modified: Apr 22, 2026CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Affected (8)

Microsoft
1 product
.net Framework
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
.net Framework
Version 4.5.2
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
.net Framework
Version 3.5.1
Running on/withPlatform Versions
Microsoft
Windows Server 2008
Version r2 sp1
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
.net Framework
Version 3.5
Running on/withPlatform Versions
Microsoft
Windows 8.1
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
.net Framework
Version 2.0 sp2
Running on/withPlatform Versions
Microsoft
Windows Server 2008
Version sp2
Configuration E
1 platform
Running on/withPlatform Versions
Microsoft
Windows 10 1511
All versions
Configuration F
2 platform
Running on/withPlatform Versions
Microsoft
Windows 10 1507
All versions
Microsoft
Windows Server 2008
All versions
Configuration G
1 platform
Running on/withPlatform Versions
Microsoft
Windows 10 1703
All versions
Configuration H
2 vulnerable · 5 platform
Vulnerable SoftwareAffected Versions
Microsoft
.net Framework
Version 4.6.1
.net Framework
Version 4.6
Running on/withPlatform Versions
Microsoft
Windows 7
All versions
Microsoft
Windows Rt 8.1
All versions
Microsoft
Windows Server 2008
Version r2 sp1
Microsoft
Windows Server 2012
All versions
Microsoft
Windows Server 2012
Version r2
Configuration I
2 vulnerable · 2 platform
Vulnerable SoftwareAffected Versions
Microsoft
.net Framework
Version 4.6.2
.net Framework
Version 4.7
Running on/withPlatform Versions
Microsoft
Windows 10 1607
All versions
Microsoft
Windows Server 2016
All versions

Related CWEs

CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (15)

Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Broken LinkThird Party AdvisoryVDB Entry
Source: secure@microsoft.com
Third Party Advisory
Source: secure@microsoft.com
ExploitThird Party Advisory
Source: secure@microsoft.com
ExploitThird Party Advisory
Source: secure@microsoft.com
PatchVendor Advisory
Source: secure@microsoft.com
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.