← Voltar para CVEs
CVE-2017-8464
HIGHCISA KEV8.8
Descricao
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
Detalhes CVE
Pontuacao CVSS v3.18.8
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado6/15/2017
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorMicrosoft
ProdutoWindows
Nome da vulnerabilidadeMicrosoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Data inclusao KEV2022-02-10
Prazo de remediacao2022-08-10
Uso em ransomwareUnknown
Produtos afetados
microsoft:windows_10_1511microsoft:windows_10_1607microsoft:windows_10_1703microsoft:windows_7microsoft:windows_8.1microsoft:windows_rt_8.1microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_server_2016
Referencias
http://www.securityfocus.com/bid/98818(secure@microsoft.com)
http://www.securitytracker.com/id/1038671(secure@microsoft.com)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464(secure@microsoft.com)
https://www.exploit-db.com/exploits/42382/(secure@microsoft.com)
https://www.exploit-db.com/exploits/42429/(secure@microsoft.com)
http://www.securityfocus.com/bid/98818(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038671(af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8464(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42382/(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/42429/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8464(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.