CVE-2017-8759

ENISA EUVD: EUVD-2017-17705 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 4 articles Published: 2017-09-13

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

93.97%

probability

This CVE has a 93.97% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."

Affected Products

Microsoft Corporation

Microsoft .NET Framework

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7

microsoft

.net framework

Microsoft Corporation

Microsoft .NET Framework

Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-707 · Improper Neutralization CWE-74 · Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-913 · Improper Control of Dynamically-Managed Code Resources CWE-94 · Code Injection

Google Project Zero

Patched

Sept. 12, 2017

Reported by

Genwei Jiang and Dhanesh Kizhakkinan of FireEye, Inc.

Root Cause Analysis

???

Exploits & PoC

bhdresh/CVE-2017-8759

Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Mic

312 2018-09-10

Voulnet/CVE-2017-8759-Exploit-sample

Running CVE-2017-8759 exploit sample.

255 2020-01-23

vysecurity/CVE-2017-8759

CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.

176 2017-09-14

nccgroup/CVE-2017-8759

NCC Group's analysis and exploitation of CVE-2017-8759 along with further refinements

94 2017-09-19

JonasUliana/CVE-2017-8759

Simple C# implementation of CVE-2017-8759