← back
CVE-2017-0147

CVE-2017-0147

CVSS 7.5 HIGHEPSS 99.7%● KEV
In short

A flaw in Windows SMB (file-sharing protocol) allows attackers to send specially crafted messages over the network and read sensitive information from a computer's memory without needing to log in. This is dangerous because attackers can access passwords, encryption keys, and other confidential data remotely.

Technical detail

The SMBv1 server implementation in affected Windows versions is vulnerable to an information disclosure attack where remote, unauthenticated attackers can craft malicious SMB packets to trigger memory leaks. The vulnerability exposes process memory contents to the attacker, potentially revealing credentials, cryptographic material, or other sensitive data in memory without requiring valid credentials or authentication.

Summary generated and translated by AI from the official description.
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
Microsoft Corporation · Windows SMB
public PoCs found10
githubgithub.com/RobertoLeonFR-ES/Exploit-Win32.CVE-2017-0147.A0cve_referencepacketstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.htmlunverifiedcve_referencewww.exploit-db.com/exploits/41891/unverifiedcve_referencewww.exploit-db.com/exploits/41987/unverifiedcve_referencewww.exploit-db.com/exploits/43970/unverifiedexploitdbwww.exploit-db.com/exploits/41891unverifiedexploitdbwww.exploit-db.com/exploits/47456unverifiedexploitdbwww.exploit-db.com/exploits/43970unverifiedcve_referencepacketstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.htmlunverifiedexploitdbwww.exploit-db.com/exploits/41987unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.htmlhttp://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.htmlhttps://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdfhttps://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdfhttps://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0147https://www.exploit-db.com/exploits/41891/https://www.exploit-db.com/exploits/41987/https://www.exploit-db.com/exploits/43970/http://www.securityfocus.com/bid/96709http://www.securitytracker.com/id/1037991