PT-2017-2382 · Microsoft · Windows Server 2008+6
Published
2017-06-13
·
Updated
2019-10-03
·
CVE-2017-0294
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows versions 7 SP1, 8.1, 10 Gold, 1511, 1607, and 1703
Microsoft Windows Server versions 2008 SP2 and R2 SP1, 2012 and R2, 2016
Description
The issue is related to the improper handling of cabinet files, which can allow an attacker to execute remote code. It is also associated with the incorrect handling of files in memory. This can enable a remote attacker to execute arbitrary code and affect the system.
Recommendations
For Microsoft Windows versions 7 SP1, 8.1, 10 Gold, 1511, 1607, and 1703, update to a newer version that properly handles cabinet files.
For Microsoft Windows Server versions 2008 SP2 and R2 SP1, 2012 and R2, 2016, update to a newer version that properly handles cabinet files.
As a temporary workaround, consider restricting access to cabinet files until a patch is available.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Windows
Windows 10
Windows 7
Windows 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016