Microsoft .NET Framework
CVE-2017-8759
HIGH
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description (CVE.org)
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Analysis (AI)
Remote code execution in Microsoft .NET Framework versions 2.0 through 4.7 allows attackers to execute arbitrary code via malicious documents or applications. This vulnerability is confirmed actively exploited (CISA KEV) and carries an EPSS exploitation probability of 93.97% (100th percentile), indicating near-certain real-world targeting. Public exploit code is available from multiple sources, including GitHub repositories. The attack requires local access and user interaction (opening a weaponized document) but no authentication, making it highly effective in phishing and watering-hole campaigns.
Technical Context (AI)
This vulnerability affects the Microsoft .NET Framework runtime environment, a software development platform for building and running Windows applications. The flaw is classified as CWE-94 (Code Injection), indicating that attacker-controlled code can be injected into the .NET Framework's execution context. The affected versions span legacy (.NET 2.0, 3.5, 3.5.1) to modern (.NET 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7) frameworks. The CPE data confirms impact across all these major version branches. The vulnerability leverages .NET's document processing capabilities to inject and execute malicious code, exploiting weaknesses in how the framework handles untrusted input from specially crafted files or applications.
Remediation (AI)
Apply Microsoft security updates immediately from the official MSRC advisory at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759, which provides patches for all affected .NET Framework versions across supported Windows operating systems. Microsoft released these patches as part of the September 2017 security update cycle. Organizations should prioritize patching systems accessible to users who handle external documents or emails, as these are the primary attack vectors. As temporary compensating controls until patching is complete, implement application whitelisting to prevent execution of untrusted applications, disable .NET SOAP processing if it is not required for business operations, and enforce email gateway filtering to block suspicious document attachments (particularly those invoking .NET components). User security awareness training should emphasize the risks of opening unsolicited documents. Note that blocking specific file types provides only partial protection, since the vulnerability can be triggered through multiple .NET-enabled document formats and applications.