Cyber Resilience

CVE-2017-8759

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 13 September 2017

Published
13 September 2017
Modified
22 April 2026
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.9395 99.9th percentile
Risk Priority 92 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2017-8759 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft .Net Framework. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 0.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability CVE-2017-8759 is a remote code execution flaw, tracked under CWE-94, that affects Microsoft .NET Framework versions 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7. It received a CVSS 3.1 base score of 7.8 reflecting local attack vector, low complexity, no privileges required, and required user interaction, with high impact on confidentiality, integrity, and availability.

An attacker can exploit the issue by supplying a malicious document or application that triggers code execution on the target system when processed by the vulnerable .NET Framework component.

Public references for the CVE include SecurityFocus, SecurityTracker, and multiple GitHub repositories containing assessments and proof-of-concept material.

EU & UK References

Vulnerability details

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
.net framework
2.0, 3.5, 3.5.1, 4.5.2, 4.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely installation of security-relevant patches that remediate the .NET Framework RCE flaw before exploitation.

prevent

Restricts execution of mobile code (e.g., .NET assemblies or scripts delivered in documents) that the vulnerability allows an attacker to run.

preventdetect

Deploys malicious-code detection mechanisms that can block or alert on the crafted documents/applications used to trigger the flaw.

References