#VU7121 Buffer overflow in Windows Server and Windows - CVE-2017-8487
Published: June 15, 2017 / Updated: June 20, 2017
Vulnerability identifier: #VU7121
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber
CVE-ID: CVE-2017-8487
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vulnerable software:
Windows Server
Windows
Windows Server
Windows
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in Microsoft Windows OLE implementation in olecnv32.dll in Microsoft Windows XP and 2003. A remote unauthenticated attacker can create a specially crafted file or program, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being exploited in the wild.
Remediation
Install updates from vendor's website.