Main Vulnerability Database Vulnerabilities #VU7090

Buffer overflow in Windows and Windows Server - CVE-2017-8543

Published: June 13, 2017 / Updated: June 14, 2017

Vulnerability identifier: #VU7090

CSH Severity: Critical

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red

CVE-ID: CVE-2017-8543

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when Windows Search handles objects in memory. A remote unauthenticated attacker can send specially crafted messages to the Windows Search service and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

How to mitigate CVE-2017-8543

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

Buffer overflow in Windows and Windows Server - CVE-2017-8543

Detailed vulnerability description

How to mitigate CVE-2017-8543

Sources

Please verify you're human