CVE-2017-8543

CRITICAL KEV

Microsoft Windows 10 1507 - Remote Code Execution

Title source: rule

Description

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

Exploits (1)

nomisec SCANNER

by americanhanko · poc

https://github.com/americanhanko/windows-security-cve-2017-8543

View Code ZIP pw:eip

References (4)

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/98824

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1038667

[Mitigation, Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8543

Scores

CVSS v3 9.8

EPSS 0.8514

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-24

VulnCheck KEV 2017-06-13

InTheWild.io 2017-06-13

ENISA EUVD EUVD-2017-17493

CWE

CWE-281

Status published

Products (13)

microsoft/windows_10_1507 (2 CPE variants)

microsoft/windows_10_1511 (2 CPE variants)

microsoft/windows_10_1607 (2 CPE variants)

microsoft/windows_10_1703 (2 CPE variants)

microsoft/windows_7

microsoft/windows_8.1

microsoft/windows_rt_8.1

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1 (2 CPE variants)

microsoft/windows_server_2012

... and 3 more

Published Jun 15, 2017

KEV Added May 24, 2022

Tracked Since Feb 18, 2026