CVE-2017-11885

MEDIUM

Windows - RCE

Title source: llm
STIX 2.1

Description

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the way the Routing and Remote Access service handles requests, aka "Windows RRAS Service Remote Code Execution Vulnerability".

Exploits (1)

exploitdb WORKING POC VERIFIED
by vportal · pythonremotewindows
https://www.exploit-db.com/exploits/44616

References (4)

Scores

CVSS v3 6.6
EPSS 0.6473
EPSS Percentile 98.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-20
Status published
Products (15)
microsoft/windows_10
microsoft/windows_10 1511
microsoft/windows_10 1607
microsoft/windows_10 1703
microsoft/windows_10 1709
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1 (2 CPE variants)
... and 5 more
Published Dec 12, 2017
Tracked Since Feb 18, 2026