CVE-2017-8759
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Analysis
Microsoft .NET Framework allows remote code execution through a malicious document or application that exploits SOAP WSDL parsing to inject and execute arbitrary code. The vulnerability has been used by the FinFisher/FinSpy surveillance platform.
Technical Context
The CWE-94 code injection occurs when the .NET Framework processes a SOAP WSDL definition containing specially crafted content. The WSDL parser generates and compiles C# code from the WSDL, and by injecting malicious code into the WSDL structure, an attacker achieves arbitrary code execution during compilation.
Affected Products
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2 through 4.7
Remediation
Apply the Microsoft security update. This vulnerability demonstrates the risk of code-generation-based SOAP processing. Restrict .NET applications from processing untrusted WSDL definitions.