CVE-2017-8759
Published: 13 September 2017
Summary
CVE-2017-8759 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft .NET Framework. Its CVSS base score is 7.8 (High).
Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2017-8759 is a remote code execution flaw, tracked under CWE-94, that affects Microsoft .NET Framework versions 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7. It received a CVSS 3.1 base score of 7.8, reflecting a local attack vector, low complexity, no privileges required, and required user interaction, with high impact on confidentiality, integrity, and availability.
An attacker can exploit the issue by supplying a malicious document or application that triggers code execution on the target system when processed by the vulnerable .NET Framework component.
Public references for the CVE include SecurityFocus, SecurityTracker, and multiple GitHub repositories containing assessments and proof-of-concept material.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2017-17705
Vulnerability details
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
- CWE(s): CWE-94
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires timely installation of security-relevant patches that remediate the .NET Framework RCE flaw before exploitation.
Restricts execution of mobile code (e.g., .NET assemblies or scripts delivered in documents) that the vulnerability allows an attacker to run.
Deploys malicious-code detection mechanisms that can block or alert on the crafted documents/applications used to trigger the flaw.