Buffer overflow in Windows Server and Windows - CVE-2017-8487
Published: June 15, 2017 / Updated: June 20, 2017
Vulnerability identifier: #VU7121
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-8487
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: Microsoft
Affected software:
Windows Server
Windows
Windows Server
Windows
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in Microsoft Windows OLE implementation in olecnv32.dll in Microsoft Windows XP and 2003. A remote unauthenticated attacker can create a specially crafted file or program, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being exploited in the wild.
How to mitigate CVE-2017-8487
Install updates from vendor's website.