PT-2017-2382 · Microsoft · Windows Server 2008+6
Publicado
2017-06-13
·
Atualizado
2019-10-03
·
CVE-2017-0294
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions 7 SP1, 8.1, 10 Gold, 1511, 1607, and 1703
Microsoft Windows Server versions 2008 SP2 and R2 SP1, 2012 and R2, 2016
Description
The issue is related to the improper handling of cabinet files, which can allow an attacker to execute remote code. It is also associated with the incorrect handling of files in memory. This can enable a remote attacker to execute arbitrary code and affect the system.
Recommendations
For Microsoft Windows versions 7 SP1, 8.1, 10 Gold, 1511, 1607, and 1703, update to a newer version that properly handles cabinet files.
For Microsoft Windows Server versions 2008 SP2 and R2 SP1, 2012 and R2, 2016, update to a newer version that properly handles cabinet files.
As a temporary workaround, consider restricting access to cabinet files until a patch is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Windows
Windows 10
Windows 7
Windows 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016