7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.7%
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka “.NET Framework Remote Code Execution Vulnerability.”
Recent assessments:
hrbrmstr at May 12, 2020 7:51pm UTC reported:
This CVE made it into US-CERT’s “Top 10” bulletin released in May, 2020 – <https://www.us-cert.gov/ncas/alerts/aa20-133a> / <https://web.archive.org/web/20200512161248/https://www.us-cert.gov/ncas/alerts/aa20-133a>
Vulnerable Products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7
Associated Malware: FINSPY, FinFisher, WingBird
Mitigation: Update affected Microsoft products with the latest security patches
IOCs: <https://www.us-cert.gov/ncas/analysis-reports/ar20-133f>
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
www.securityfocus.com/bid/100742
www.securitytracker.com/id/1039324
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8759
github.com/bhdresh/CVE-2017-8759
github.com/GitHubAssessments/CVE_Assessments_01_2020
github.com/nccgroup/CVE-2017-8759
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759
www.exploit-db.com/exploits/42711
www.us-cert.gov/ncas/alerts/aa20-133a
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.971 High
EPSS
Percentile
99.7%