BDU:2017-01100

BDU

CriticalConfirmedExploit available

Уязвимость протокола SMBv1 операционной системы Microsoft Windows существует из-за недостаточной проверки входных данных. Эксплуатация уязв…

CVSS

9.3

Critical

EPSS

0.00

Published

2017-01-01

Updated

2017-01-01

Description

Уязвимость протокола SMBv1 операционной системы Microsoft Windows существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код с помощью специально сформированных пакетов

Affected products

Microsoft corp Windows_10Microsoft corp Windows_7 service pack 1Microsoft corp Windows_8Microsoft corp Windows_8.1Microsoft corp Windows_rt 8.1Microsoft corp Windows_server_2003Microsoft corp Windows_server_2008Microsoft corp Windows_server_2008Microsoft corp Windows_server_2012Microsoft corp Windows_server_2012Microsoft corp Windows_server_2016Microsoft corp Windows_vista service pack 2Microsoft corp Windows_xpMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft WindowsMicrosoft Windows

CVSS vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Timeline

2017-01-01

Published

2017-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: M

Medium

Authentication

Au: N

None (N)

Confidentiality Impact

C: C

Complete

Integrity Impact

I: C

Complete

Availability Impact

A: C

Complete

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

41891

exploitdb · https://www.exploit-db.com/exploits/41891

Enterprise

41987

exploitdb · https://www.exploit-db.com/exploits/41987

Enterprise

43970

exploitdb · https://www.exploit-db.com/exploits/43970

Enterprise

47456

exploitdb · https://www.exploit-db.com/exploits/47456

Enterprise

CVE-2017-0143

github-poc · https://github.com/benguelmas/cve-2017-0143

Enterprise

Affected software

Product	Vendor	Status
windows_10	microsoft corp	Tracked
windows_7 service pack 1	microsoft corp	Tracked
windows_8	microsoft corp	Tracked
windows_8.1	microsoft corp	Tracked
windows_rt 8.1	microsoft corp	Tracked
windows_server_2003	microsoft corp	Tracked
windows_server_2008	microsoft corp	Tracked
windows_server_2008	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2012	microsoft corp	Tracked
windows_server_2016	microsoft corp	Tracked
windows_vista service pack 2	microsoft corp	Tracked
windows_xp	microsoft corp	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Source databases

BDU

MSR

Related vulnerabilities

CVE-2017-0143

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-0143@http://www.exploit-db.com/exploits/41891/@http://www.exploit-db.com/exploits/41987/@http://www.securityfocus.com/bid/96703@http://www.securityfocus.com/bid/96703@https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143@https://www.exploit-db.com/exploits/41987/