Lucene search

[email protected]CVE-2017-0278

HistoryMay 12, 2017 - 2:29 p.m.

CVE-2017-0278

2017-05-1214:29:06

[email protected]

web.nvd.nist.gov

microsoft

smbv1

server

windows

remote code execution

vulnerability

cve-2017-0278

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

7.7 High

AI Score

Confidence

High

0.263 Low

EPSS

Percentile

96.8%

JSON

The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to execute remote code by the way it handles certain requests, aka “Windows SMB Remote Code Execution Vulnerability”. This CVE ID is unique from CVE-2017-0272, CVE-2017-0277, and CVE-2017-0279.

Affected configurations

Vulners

NVD

Node

microsoft corporationmicrosoft_server_message_block_1.0MatchMicrosoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.

VendorProductVersionCPE
microsoft corporationmicrosoft_server_message_block_1.0Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.cpe:2.3:a:microsoft corporation:microsoft_server_message_block_1.0:Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft corporation	microsoft_server_message_block_1.0	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.	cpe:2.3:a:microsoft corporation:microsoft_server_message_block_1.0:Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016.:::::::*

CNA Affected

[
  {
    "product": "Microsoft Server Message Block 1.0",
    "vendor": "Microsoft Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
      }
    ]
  }
]