CVE-2017-0160 : Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an at

Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allows an attacker with access to the local system to execute malicious code, aka ".NET Remote Code Execution Vulnerability."

Published 2017-04-12 14:59:00

Updated 2019-10-03 00:03:26

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Execute code

Products affected by CVE-2017-0160

Microsoft » .net Framework » Version: 2.0 Update SP2
cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 3.5
cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 3.5.1
cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 4.5.2
cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 4.6
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 4.6.1
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 4.6.2
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
Matching versions
Microsoft » .net Framework » Version: 4.7
cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-0160

Top countries where our scanners detected CVE-2017-0160

Top open port discovered on systems with this issue 80

IPs affected by CVE-2017-0160 19,598

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-0160!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-0160

EPSS FAQ

17.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 95 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-0160

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2017-0160

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0160

CVE-2017-0160 - Security Update Guide - Microsoft - .NET Framework Remote Code Execution Vulnerability
Patch;Vendor Advisory
http://www.securityfocus.com/bid/97447

Microsoft Windows .NET Framework CVE-2017-0160 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://www.securitytracker.com/id/1038236

Microsoft .NET Library Loading Bug Lets Local Users Gain Elevated Privileges - SecurityTracker
https://www.exploit-db.com/exploits/41903/

Microsoft Windows - ManagementObject Arbitrary .NET Serialization Remote Code Execution

Jump to

Vulnerability Details : CVE-2017-0160

Products affected by CVE-2017-0160

Threat overview for CVE-2017-0160

Exploit prediction scoring system (EPSS) score for CVE-2017-0160

CVSS scores for CVE-2017-0160

References for CVE-2017-0160