CVE-2017-8543

CRITICAL KEV

Microsoft Windows - Remote Code Execution via Windows Search Memory Handling

Title source: llm

Exploitation Summary

CVE-2017-8543 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 24, 2022. EIP tracks 1 public exploit from researchers including americanhanko.

AI-analyzed exploit summary This is an InSpec compliance profile that checks for the presence of Windows hotfixes addressing CVE-2017-8543. It does not exploit the vulnerability but verifies patch status.

Description

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

Exploits (1)

nomisec SCANNER

by americanhanko · poc

https://github.com/americanhanko/windows-security-cve-2017-8543

View Code ZIP pw:eip

This is an InSpec compliance profile that checks for the presence of Windows hotfixes addressing CVE-2017-8543. It does not exploit the vulnerability but verifies patch status.

Classification

Scanner 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Windows Operating Systems (various versions)

Auth required

Prerequisites: Administrative access to run PowerShell commands

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8543

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/98824

Mitigation, Patch, Vendor Advisory x_refsource_confirm

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1038667

Scores

CVSS v3 9.8

EPSS 0.7376

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2022-05-24

VulnCheck KEV 2017-06-13

InTheWild.io 2017-06-13

ENISA EUVD EUVD-2017-17493

CWE

CWE-281

Status published

Products (13)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1511 (2 CPE variants)

microsoft/windows_10_1607 (2 CPE variants)

microsoft/windows_10_1703 (2 CPE variants)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

... and 3 more

Published Jun 15, 2017

KEV Added May 24, 2022

Tracked Since Feb 18, 2026