CVE-2017-0144

HIGH KEV RANSOMWARE

Microsoft Server Message Block < 4.0e - Remote Code Execution

Title source: rule

Description

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.

Exploits (35)

exploitdb WORKING POC VERIFIED
by sleepya · pythonremotewindows
https://www.exploit-db.com/exploits/42315
exploitdb WORKING POC VERIFIED
by sleepya · pythonremotewindows_x86-64
https://www.exploit-db.com/exploits/42030
exploitdb WORKING POC VERIFIED
by sleepya · pythonremotewindows
https://www.exploit-db.com/exploits/42031
exploitdb SCANNER VERIFIED
by Sean Dillon · rubydoswindows
https://www.exploit-db.com/exploits/41891
exploitdb WORKING POC
by Juan Sacco · pythonremotewindows_x86-64
https://www.exploit-db.com/exploits/41987
nomisec SCANNER 339 stars
by peterpt · poc
https://github.com/peterpt/eternal_scanner
nomisec WRITEUP 17 stars
by EEsshq · poc
https://github.com/EEsshq/CVE-2017-0144---EtneralBlue-MS17-010-Remote-Code-Execution
nomisec WRITEUP 11 stars
by AdityaBhatt3010 · poc
https://github.com/AdityaBhatt3010/VAPT-Report-on-SMB-Exploitation-in-Windows-10-Finance-Endpoint
nomisec WORKING POC 4 stars
by AtithKhawas · poc
https://github.com/AtithKhawas/autoblue
nomisec WORKING POC 2 stars
by sethwhy · infoleak
https://github.com/sethwhy/BlueDoor
nomisec WRITEUP 1 stars
by nivedh-j · poc
https://github.com/nivedh-j/EternalBlue-Explained
nomisec SCANNER 1 stars
by MedX267 · poc
https://github.com/MedX267/EternalBlue-Vulnerability-Scanner
nomisec SCANNER 1 stars
by kimocoder · remote
https://github.com/kimocoder/eternalblue
nomisec WORKING POC
by dannic145 · poc
https://github.com/dannic145/EternalBlue-Exploit-Demonstration
nomisec WRITEUP
by ichhyak22 · remote
https://github.com/ichhyak22/EternalBlue-Exploit-Demonstration-MS17-010
nomisec WRITEUP
by klairmanraj · poc
https://github.com/klairmanraj/Multi-VLAN-Enterprise-Network-Vulnerability-Assessment
nomisec WRITEUP
by klairmanraj · poc
https://github.com/klairmanraj/Vulnerability-Risk-Assessment-TVRA-Enterprise-Network
nomisec WRITEUP
by klairmanraj · poc
https://github.com/klairmanraj/Multi-VLAN-Enterprise-Network-Security-Infrastructure
nomisec WRITEUP
by althany · poc
https://github.com/althany/CVE-2017-0144_Lab-Guide
nomisec WRITEUP
by Mitsu-bis · poc
https://github.com/Mitsu-bis/Eternal-Blue-CVE-2017-0144-THM-Write-Up
nomisec WRITEUP
by AbbeAlthany · poc
https://github.com/AbbeAlthany/Windows-7_och_CVE-2017-0144_Exploit
nomisec WRITEUP
by FireTemple · poc
https://github.com/FireTemple/Blackash-CVE-2017-0144
github WRITEUP
by OscarYR · poc
https://github.com/OscarYR/CVE_Reproduction/tree/main/EternalBlue/CVE-2017-0144.md
nomisec WRITEUP
by luckyman2907 · poc
https://github.com/luckyman2907/SMB-Protocol-Vulnerability_CVE-2017-0144
nomisec WORKING POC
by pelagornisandersi · poc
https://github.com/pelagornisandersi/WIndows-7-automated-exploitation-using-metasploit-framework-
nomisec WRITEUP
by denuwanjayasekara · poc
https://github.com/denuwanjayasekara/CVE-Exploitation-Reports
nomisec SUSPICIOUS
by AnugiArrawwala · poc
https://github.com/AnugiArrawwala/CVE-Research
nomisec WRITEUP
by ducanh2oo3 · poc
https://github.com/ducanh2oo3/Vulnerability-Research-CVE-2017-0144
nomisec SCANNER
by quynhold · poc
https://github.com/quynhold/Detect-CVE-2017-0144-attack
metasploit WORKING POC GREAT
by Equation Group, Shadow Brokers, zerosum0x0, Luke Jennings, wvu, Jacob Robles · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_doublepulsar_rce.rb
metasploit SCANNER
by Sean Dillon <[email protected]>, Luke Jennings · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
exploitdb WORKING POC
rubyremotewindows
https://www.exploit-db.com/exploits/47456

References (13)

Scores

CVSS v3 8.8
EPSS 0.9442
EPSS Percentile 100.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-02-10
VulnCheck KEV 2016-04-22
InTheWild.io 2017-03-14
ENISA EUVD EUVD-2017-0511
Ransomware Use Confirmed
Status published
Products (17)
microsoft/server_message_block 1.0
Microsoft Corporation/Windows SMB The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1
siemens/acuson_p300_firmware 13.02
siemens/acuson_p300_firmware 13.03
siemens/acuson_p300_firmware 13.20
siemens/acuson_p300_firmware 13.21
siemens/acuson_p500_firmware va10
siemens/acuson_p500_firmware vb10
siemens/acuson_sc2000_firmware 5.0a
siemens/acuson_sc2000_firmware 4.0 - 4.0e
... and 7 more
Published Mar 17, 2017
KEV Added Feb 10, 2022
Tracked Since Feb 18, 2026