Denial of service in Windows and Windows Server - CVE-2017-8587
Published: July 11, 2017 / Updated: July 11, 2017
Vulnerability identifier: #VU7461
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2017-8587
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Windows
Windows Server
Windows
Windows Server
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error when Windows Explorer attempts to open a non-existent file. A remote attacker can create a specially crafted website containing the reference to the non-existing file, trick the victim into visiting it and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The weakness exists due to an error when Windows Explorer attempts to open a non-existent file. A remote attacker can create a specially crafted website containing the reference to the non-existing file, trick the victim into visiting it and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
How to mitigate CVE-2017-8587
Install updates from vendor's website.