← back
CVE-2017-8759

CVE-2017-8759

CVSS 7.8 HIGHEPSS 88.7%● KEVCWE-94
In short

A vulnerability in Microsoft .NET Framework allows attackers to run malicious code on a computer by tricking users into opening a specially crafted document or application. This is dangerous because it gives attackers full control over the affected system.

Technical detail

CWE-94 (Code Injection) vulnerability in multiple .NET Framework versions enables remote code execution through malicious documents or applications. The attack vector likely involves unsafe deserialization or object instantiation without proper validation. Successful exploitation grants arbitrary code execution in the context of the user running the application.

Summary generated and translated by AI from the official description.
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Microsoft Corporation · Microsoft .NET Framework
public PoCs found19
githubgithub.com/bhdresh/CVE-2017-8759312githubgithub.com/Voulnet/CVE-2017-8759-Exploit-sample255githubgithub.com/vysecurity/CVE-2017-8759176githubgithub.com/nccgroup/CVE-2017-875994githubgithub.com/JonasUliana/CVE-2017-87595githubgithub.com/ashr/CVE-2017-8759-exploits2githubgithub.com/BasuCert/CVE-2017-87591githubgithub.com/varunsaru/SNP0githubgithub.com/GayashanM/OHTS0githubgithub.com/l0n3rs/CVE-2017-87590githubgithub.com/sythass/CVE-2017-87590githubgithub.com/zhengkook/CVE-2017-87590githubgithub.com/adeljck/CVE-2017-87590githubgithub.com/smashinu/CVE-2017-8759Expoit0githubgithub.com/tahisaad6/CVE-2017-8759-Exploit-sample20githubgithub.com/homjxi0e/CVE-2017-8759_-SOAP_WSDL0githubgithub.com/ChaitanyaHaritash/CVE-2017-87590cve_referencewww.exploit-db.com/exploits/42711/unverifiedexploitdbwww.exploit-db.com/exploits/42711unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/bhdresh/CVE-2017-8759https://github.com/GitHubAssessments/CVE_Assessments_01_2020https://github.com/nccgroup/CVE-2017-8759https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8759https://www.exploit-db.com/exploits/42711/http://www.securityfocus.com/bid/100742http://www.securitytracker.com/id/1039324