|Number of vulnerabilities||1|
|CVE ID|| CVE-2017-8620
|CWE ID|| CWE-119
|Public exploit||Not available|
|Vulnerable software versions||
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2
Windows Server 2008
Windows Server 2008 R2
Windows Server 2016
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing messages in Windows Search service. A remote unauthenticated attacker can send a specially crafted message to the Windows Search service service, trigger memory corruption and execute arbitrary code on the target system. Additionally, in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.Remediation
Install updates from vendor's website.External links