Main Vulnerability Database Exploits ID:1084 - Exploit for Information disclosure in Windows and Windows Server - CVE-2017-0147

ID:1084 - Exploit for Information disclosure in Windows and Windows Server - CVE-2017-0147

Published: March 18, 2020

Vulnerability identifier: #VU6016

Vulnerability risk: Medium

CVE-ID: CVE-2017-0147

CWE-ID: CWE-200

Exploitation vector: Remote access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://www.exploit-db.com/exploits/41987/

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to an error when parsing requests in Microsoft Server Message Block 1.0 (SMBv1) server. A remote unauthenticated attacker can send specially crafted SMB packets and gain access to potentially sensitive data.

Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive information.

Note: this vulnerability has been exploited in the wild and is publicly known as EternalChampion exploit.

Remediation

Install updates from vendor's website.

ID:1084 - Exploit for Information disclosure in Windows and Windows Server - CVE-2017-0147

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human