Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiPesanteZDI-17-843
HistoryOct 10, 2017 - 12:00 a.m.

Microsoft Windows SMB Out-Of-Bounds Read Denial of Service Vulnerability

2017-10-1000:00:00
pesante
www.zerodayinitiative.com
36

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.799 High

EPSS

Percentile

98.3%

JSON

This vulnerability allows remote attackers to create a denial-of-service on vulnerable installations of Microsoft Windows. Authentication is required to exploit this vulnerability, assuming the product is in its default configuration. The specific flaw exists within the srv driver. A crafted request to an SMB share can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system.

Related

symantec 1
cve 1
mscve 1
checkpoint_advisories 1
prion 1
nessus 9
mskb 11
openvas 8
kaspersky 2
talosblog 1
trendmicroblog 1
symantec
symantec
Microsoft Windows SMB Server CVE-2017-11781 Denial of Service Vulnerability
2017-10-10 00:00:00
cve
cve
CVE-2017-11781
2017-10-13 13:29:00
mscve
mscve
W - SMB - DOS Authenticated
2017-10-10 07:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows SMB Server SMBv1 Out of Bounds Read (CVE-2017-11781)
2017-10-23 00:00:00
prion
prion
Denial of service
2017-10-13 13:29:00
nessus
nessus
Microsoft Windows SMB Server (2017-10) Multiple Vulnerabilities (uncredentialed check)
2017-10-17 00:00:00
Windows 7 and Windows Server 2008 R2 October 2017 Security Updates (KRACK)
2017-10-10 00:00:00
Windows 2008 October 2017 Multiple Security Updates (KRACK)
2017-10-12 00:00:00
mskb
mskb
Description of the security update for the Windows SMB vulnerabilities in Windows Server 2008: October 10, 2017
2017-10-10 07:00:00
October 10, 2017—KB4041678 (Security-only update)
2017-10-16 07:00:00
October 10, 2017—KB4041679 (Security-only update)
2017-10-16 07:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB4041995)
2017-10-11 00:00:00
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4041690)
2017-10-11 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4041681)
2017-10-11 00:00:00
kaspersky
kaspersky
KLA11108 Multiple vulnerabilities in Microsoft Products (ESU)
2017-10-10 00:00:00
KLA11111 Multiple vulnerabilities in Microsoft Windows
2017-10-10 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - October 2017
2017-10-10 13:25:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of October 9, 2017
2017-10-13 14:03:59

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.799 High

EPSS

Percentile

98.3%

JSON
Related for ZDI-17-843
symantec1cve1mscve1checkpoint_advisories1prion1nessus9mskb11openvas8kaspersky2talosblog1trendmicroblog1