• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Security  /  CVE-2017-8759 – .NET Framework Remote Code Execution Vulnerability
14 September 2017

CVE-2017-8759 – .NET Framework Remote Code Execution Vulnerability

Written by Pavankumar Chaudhari
Pavankumar Chaudhari
Security
Estimated reading time: 2 minutes

The recent zero-day vulnerability in .NET Framework vulnerability CVE-2017-8759 enables attackers to perform a Remote Code Execution on the targeted machine. This vulnerability is found to be exploited in the wild through email spam messages loaded with malicious RTF files as an attachment. Microsoft has released a security update on September 12, 2017, to fix this issue.

Vulnerable Versions

The below versions of Microsoft Frameworks are affected by this vulnerability:

  • Microsoft .NET Framework 2.0 SP2
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 3.5.1
  • Microsoft .NET Framework 4.5.2
  • Microsoft .NET Framework 4.6
  • Microsoft .NET Framework 4.6.1
  • Microsoft .NET Framework 4.6.2/4.7
  • Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7
  • Microsoft .NET Framework 4.7

Vulnerability

This is a code injection vulnerability in SOAP Moniker which allows an attacker to perform a remote code execution on the targeted machine. After successful exploitation, the attacker can take control of vulnerable system and download and execute programs on the affected system at will.

The malicious RTF document, which is an initial attack vector, makes a request to a CNC server and downloads vulnerable SOAP WSDL content.

Fig 1. SOAP WSDL Content
Fig 1. SOAP WSDL Content

The vulnerability triggers while parsing the SOAP WSDL content and malicious payloads get downloaded and executed on the victim’s machine.

Seqrite Detections

Seqrite has released the following detections for the vulnerability CVE-2017-8759

  • Virus Protection
    • Exp.RTF.CVE-2017-8759
  • IDS/IPS
    • VID-03201 – .NET Framework Remote Code Execution Vulnerability

The observed payload in the wild delivered after the exploitation of this vulnerability was FINSPY. The payload is detected by Seqrite as “Backdoor.FinSpy”.

This exploit is already being used in the wild and we expect more malicious campaigns will make use of this vulnerability in the future. Microsoft has patched this vulnerability and updates are available here. We strongly recommend users to apply these updates and also take the latest security updates by Seqrite.

Subject Matter Expert

  • Pavankumar Chaudhari | Quick Heal Security Labs

 Previous PostCybersecurity trends and predictions to watch out for in 2017
Next Post  How is new technology bringing risk to the Government?
Pavankumar Chaudhari
About Pavankumar Chaudhari

Pavankumar is associated with Quick Heal Technologies as a Technical Lead (Research and Development) and is also a part of Vulnerability Research and Analysis Team....

Articles by Pavankumar Chaudhari »

Related Posts

  • Is your Router exposed to cyber threats

    Is your router exposed to cyber threats? Here is how to safeguard it.

    July 30, 2020
  • Snake ransomware stings to spread its venom in the veins of enterprise networks.

    Snake Ransomware brings impending doom to enterprise networks

    July 10, 2020
  • APT harbingers are using Honey Traps to attack Indian Defence.

    Operation ‘Honey Trap’: APT36 Targets Defence Organizations in India

    July 8, 2020

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.