Zero-day vulnerability in Microsoft .NET Framework

Improper input validation

The vulnerability was detected by FireEye  researchers. The attacker used Microsoft Office RTF document to leverage RCE in .NET Framework and deploy FINSPY malware. The malicious document тАЬ╨Я╤А╨╛╨╡╨║╤В.docтАЭ (MD5: fe5c4d6bb78e170abf5cf3741868ea4c) had Russian name and might have been used to target a Russian speaker.

Known malware:


Vulnerability details

Advisory: SB2017091210 - Remote code execution in Microsoft .NET Framework

Vulnerable component: Microsoft .NET Framework

CVE-ID: CVE-2017-8759

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-20 - Improper Input Validation


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to uncpecified error when processing untrusted input. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Public Exploits: