CVE-2017-8461

HIGH

Windows XP and Windows Server 2003 - Remote Code Execution via RPC with Routing and Remote Access

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-8461. PoCs published by Equation Group, Shadow Brokers, Víctor Portal, bcoles, including Metasploit module exploits/windows/smb/smb_rras_erraticgopher.

AI-analyzed exploit summary This Metasploit module exploits a buffer overflow in the Windows RRAS service (CVE-2017-8461) to achieve remote code execution as SYSTEM on Windows Server 2003. It includes ROP chains for bypassing DEP/NX on various service packs and uses an egghunter for payload delivery.

Description

Windows RPC with Routing and Remote Access enabled in Windows XP and Windows Server 2003 allows an attacker to execute code on a targeted RPC server which has Routing and Remote Access enabled via a specially crafted application, aka "Windows RPC Remote Code Execution Vulnerability."

Exploits (1)

metasploit WORKING POC NORMAL

by Equation Group, Shadow Brokers, Víctor Portal, bcoles · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_rras_erraticgopher.rb

View Code ZIP pw:eip

This Metasploit module exploits a buffer overflow in the Windows RRAS service (CVE-2017-8461) to achieve remote code execution as SYSTEM on Windows Server 2003. It includes ROP chains for bypassing DEP/NX on various service packs and uses an egghunter for payload delivery.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Complex

Reliability

Racy

Target: Microsoft Windows Server 2003 (SP0, SP1, SP2, R2 SP2)

No auth needed

Prerequisites: SMBv1 access to target · RRAS service enabled

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Patch, Vendor Advisory x_refsource_confirm

https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/99012

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038701

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/161672/Microsoft-Windows-RRAS-Service-MIBEntryGet-Overflow.html

Scores

CVSS v3 7.8

EPSS 0.2111

EPSS Percentile 97.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (3)

microsoft/windows_server_2003

microsoft/windows_xp

Microsoft Corporation/Microsoft Windows Windows XP SP3, Windows XP x64 SP2, Windows Server 2003 SP2

Published Jun 15, 2017

Tracked Since Feb 18, 2026