Remote Code Execution Vulnerability in Microsoft Hyper-V
CVE-2017-0095

7.6HIGH

Key Information:

Vendor

Microsoft
Status
Vsmb Hyper-v In Microsoft Windows 10 Gold, 1511, And 1607 And Windows Server 2016.
Vendor
CVE Published:
17 March 2017

What is CVE-2017-0095?

Hyper-V in Microsoft Windows 10 and Windows Server 2016 fails to adequately validate vSMB packet data. This oversight potentially allows attackers to execute arbitrary code on the affected operating systems, posing significant security risks. The vulnerability distinguishes itself from others, enabling unauthorized access and control over the target systems without the need for user interaction.

Affected Version(s)

vSMB Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016. vSMB Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016.

References

http://www.securityfocus.com/bid/96699
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037999
vdb-entryx_refsource_SECTRACK
https://portal.msrc.microsoft.com/en-US/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
High
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.