CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.97 High
Percentile: 99.7%
Incident overview
8 on 24 May, 360's Network Security Business Unit captured a new high-end intrusion attack that uses Office. On the 12th, Microsoft released a large-scale set of security updates, including one for CVE-2017-8759. At the same time, FireEye published its discovery of CVE-2017-8759 being exploited in the wild. Because the vulnerability has a wide scope of impact and is easy to exploit, 360CERT urgently followed up with an analysis and issued this warning.
Risk level
[+] Major
Scope of impact
Microsoft .NET Framework 4.7
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.6.1
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 2.0 SP2
Locating the vulnerability
CVE-2017-8759 originates in defective handling of WSDL XML: if the supplied data includes a CRLF sequence, IsValidUrl does not validate it correctly. In the .NET source code, we located the function that does this processing:
![](/Article/UploadPic/2017-9/2017915235959840.png?www.myhack58.com)
And the point where the vulnerability is triggered:
![](/Article/UploadPic/2017-9/2017916000346.png?www.myhack58.com)
The function here generates logo.cs and calls csc.exe to compile it into a DLL. We captured the generated .cs source file and the resulting DLL.
![](/Article/UploadPic/2017-9/2017916000274.png?www.myhack58.com)
The entire process is:
1. The malicious SOAP WSDL is requested.
2. IsValidUrl in the .NET Framework's System.Runtime.Remoting.ni.dll fails to validate it correctly.
3. The malicious code is written into the .cs file by PrintClientProxy in the .NET Framework's System.Runtime.Remoting.ni.dll.
4. csc.exe compiles the .cs file into a DLL.
5. Office loads the DLL.
6. The malicious code executes.
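A defensive check for steps 1 and 2 above, as an added example that is not from the original advisory or from the .NET source: it parses a WSDL document and reports URL attributes whose values contain CR, LF or other control characters. The sample documents are constructed, and treating the location attribute as the URL-carrying field is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample WSDL (not taken from any real sample).
CLEAN_WSDL = b"""<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <service name="Demo"><port name="DemoPort">
    <soap:address location="http://example.invalid/service"/>
  </port></service>
</definitions>"""

# Same document, but the URL carries an encoded CR LF followed by extra text.
SUSPECT_WSDL = CLEAN_WSDL.replace(
    b'/service"', b'/service&#13;&#10;EXTRA-LINE"')

# Assumption: attribute names that carry endpoint URLs in the WSDL.
URL_ATTRS = {"location"}


def has_control_chars(value):
    """True if the string contains CR, LF or any other ASCII control character."""
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in value)


def find_unsafe_urls(wsdl_bytes):
    """Return (element, attribute, repr(value)) for each suspicious URL attribute."""
    # Refuse DTDs so untrusted input cannot drive entity expansion in the parser.
    if b"<!DOCTYPE" in wsdl_bytes.upper():
        raise ValueError("DOCTYPE not allowed in untrusted WSDL")
    root = ET.fromstring(wsdl_bytes)
    findings = []
    for elem in root.iter():
        for name, value in elem.attrib.items():
            local = name.rsplit("}", 1)[-1]  # drop any {namespace} part
            # Character references such as &#13;&#10; survive attribute
            # normalisation, so they show up here as real CR/LF characters.
            if local in URL_ATTRS and has_control_chars(value):
                tag = elem.tag.rsplit("}", 1)[-1]
                findings.append((tag, local, repr(value)))
    return findings


if __name__ == "__main__":
    for label, doc in (("clean", CLEAN_WSDL), ("suspect", SUSPECT_WSDL)):
        print(label, find_unsafe_urls(doc))
```

The same test can be applied at a proxy or mail gateway to WSDL responses fetched on behalf of Office processes; a URL field that spans more than one line is never legitimate.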
Vulnerability verification
Remediation
360 Security Guard has detected and removed attack samples for this vulnerability from the outset. Users are asked not to open unsolicited Office documents for the time being. Relevant organisations should also be alert to targeted intrusions that use this kind of 0day vulnerability, and should use 360 Security Guard to install the vulnerability patch and to defend against attacks that exploit the vulnerability.
Security bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8759