Back to KEVs

CVE-2017-8759

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 03, 2017
Published Date
September 13, 2017
Last Updated
February 10, 2025
Vendor
Microsoft
Product
Microsoft .NET Framework
Description
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Tags
dotnet cisa microsoft

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2019-05-24 06:29:45 UTC) Source

References

http://www.securityfocus.com/bid/100742 https://github.com/bhdresh/CVE-2017-8759 https://github.com/nccgroup/CVE-2017-8759 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759 https://www.exploit-db.com/exploits/42711/ http://www.securitytracker.com/id/1039324 https://github.com/GitHubAssessments/CVE_Assessments_01_2020

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

zhengkook/CVE-2017-8759

Type: github • Created: 2020-01-02 07:43:19 UTC • Stars: 0

CVE-2017-8759 use file

adeljck/CVE-2017-8759

Type: github • Created: 2019-06-25 02:17:04 UTC • Stars: 0

CVE-2017-8759 微软word漏洞利用脚本

smashinu/CVE-2017-8759Expoit

Type: github • Created: 2019-05-24 06:29:45 UTC • Stars: 0

yehnah

ChaitanyaHaritash/CVE-2017-8759

Type: github • Created: 2018-12-11 21:39:39 UTC • Stars: 0

Just My ports of CVE-2017-8759

l0n3rs/CVE-2017-8759

Type: github • Created: 2017-09-24 06:58:55 UTC • Stars: 0

ashr/CVE-2017-8759-exploits

Type: github • Created: 2017-09-19 06:12:10 UTC • Stars: 2

Two versions of CVE-2017-8759 exploits

sythass/CVE-2017-8759

Type: github • Created: 2017-09-19 00:30:56 UTC • Stars: 0

CVE-2017-8759

JonasUliana/CVE-2017-8759

Type: github • Created: 2017-09-17 22:05:56 UTC • Stars: 6

Simple C# implementation of CVE-2017-8759

bhdresh/CVE-2017-8759

Type: github • Created: 2017-09-14 10:04:39 UTC • Stars: 317

Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.

homjxi0e/CVE-2017-8759_-SOAP_WSDL

Type: github • Created: 2017-09-14 06:20:28 UTC • Stars: 1

CVE-2017-8759 Remote Code Execution Vulnerability On SOAP WDSL - Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 3.5

BasuCert/CVE-2017-8759

Type: github • Created: 2017-09-13 20:27:29 UTC • Stars: 1

CVE-2017-8759 Research

vysecurity/CVE-2017-8759

Type: github • Created: 2017-09-13 17:10:18 UTC • Stars: 176

CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.

nccgroup/CVE-2017-8759

Type: github • Created: 2017-09-13 15:24:10 UTC • Stars: 96

NCC Group's analysis and exploitation of CVE-2017-8759 along with further refinements

Voulnet/CVE-2017-8759-Exploit-sample

Type: github • Created: 2017-09-13 09:50:04 UTC • Stars: 255

Running CVE-2017-8759 exploit sample.

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel