CVE-2017-8464
ENISA EUVD: EUVD-2017-17414 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
1 article
Published: 2017-06-15
EPSS Score
Source: FIRST.org · 2026-05-23
93.88%
probability
This CVE has a 93.88% probability
of being exploited in the next 30 days.
0%
Top 99.9th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
9.3
HIGH
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:M/Au:N/C:C/I:C/A:C
Description
VulnerabilityLookup (CNA)Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
Affected Products
Microsoft Corporation
Windows Shell
Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016
Google Project Zero
Patched
June 13, 2017
Reported by
???
Root Cause Analysis
???
Exploits & PoC
3gstudent/CVE-2017-8464-EXP
Support x86 and x64
66
2021-04-17
doudouhala/CVE-2017-8464-exp-generator
this tool can generate a exp for cve-2017-8486, it is developed by python
8
2017-08-07
TrG-1999/DetectPacket-CVE-2017-8464
Exploit vulnerabilities and vulnerability prevention implementation
2
2022-06-08
1
2017-09-20
1
2018-04-20
X-Vector/usbhijacking
Usbhijacking | CVE-2017-8464
0
2018-07-20
0
2023-06-13
TieuLong21Prosper/Detect-CVE-2017-8464
- using python to detect cve-2017-8464 vulnerbilities
0
2023-11-27
8 repos — triés par ⭐
Rechercher sur GitHub ↗
https://www.exploit-db.com/exploits/42382/
exploit
x_refsource_EXPLOIT-DB
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464
x_refsource_CONFIRM
https://www.exploit-db.com/exploits/42429/
exploit
x_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1038671
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/98818
vdb-entry
x_refsource_BID
Signal Intelligence
Confidence
95%
EPSS
93.88%
CVSS v3.1
8.8
Mentions
1
Last Seen
Jun 13, 2017
CNA Information
CNA Assigner
microsoft
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Threat Actors 4
Ice Fog
apt_group
Information theft and espionage
🇨🇳 CN
DNSpionage
apt_group
Information theft and espionage
🇮🇷 IR
Evilnum
apt_group
Information theft and espionage
[Unnamed group]
apt_group
🇨🇳 CN
Triage Info
Decided atMar 05, 2026
Published DateJun 15, 2017