CVE-2017-0147

Summary

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via crafted packets, aka "Windows SMB Information Disclosure Vulnerability." Microsoft fixed it in security bulletin MS17-010. Note that the exploit and tooling links on this page cover the MS17-010 patch set as a whole (EternalBlue, DoublePulsar): the remote code execution they achieve belongs to a separate CVE from that bulletin, while CVE-2017-0147 is the information-disclosure component, which is why its CVSS score is only 5.9 (confidentiality impact high, no integrity or availability impact, high attack complexity).

Severity
Medium

Severity Score
5.9

Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-ID
CWE-200

References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
http://www.securityfocus.com/bid/96709
http://www.securitytracker.com/id/1037991
https://www.exploit-db.com/exploits/41987/
https://www.exploit-db.com/exploits/41891/
https://www.exploit-db.com/exploits/43970/
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf
http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html
Mitigation and Patches
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
Apply the MS17-010 update for the affected OS version. Where the SMBv1 server is not required, disable it as well, so that hosts that miss the patch are not reachable over the vulnerable protocol; SMBv1 can be removed as a Windows feature (SMB1Protocol) or turned off in the SMB server configuration. Verify both the patch state and that TCP 445 no longer negotiates an SMBv1 dialect.
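The following probe is an added example, not code from the original page, from Microsoft or from the Metasploit modules linked on it. It sends a plain SMB_COM_NEGOTIATE request offering only the "NT LM 0.12" dialect and reports whether the host still accepts SMBv1, which is the precondition for every MS17-010 issue including CVE-2017-0147. It does not test for the vulnerability itself (patch present or not); for that, use a patch inventory or the smb_ms17_010 scanner module linked below. The function names, the Flags/Flags2 values and the sample reply bytes are this example's own choices; the sample reply is constructed, not captured from a real host.

```python
"""Probe whether a host still negotiates SMBv1 (dialect "NT LM 0.12") on TCP 445.

Added example (not from the original page, Microsoft or Metasploit). It checks only
that the SMBv1 server is reachable and accepts an SMBv1 dialect; it does NOT check
whether MS17-010 is installed.
"""
import socket
import struct

SMB1_MAGIC = b"\xffSMB"     # SMBv1 header signature
SMB2_MAGIC = b"\xfeSMB"     # SMB2/3 header signature
SMB_COM_NEGOTIATE = 0x72
SMB1_HEADER_LEN = 32
NO_DIALECT = 0xFFFF         # DialectIndex meaning "none of the offered dialects"


def build_negotiate_request(dialects=(b"NT LM 0.12",), mid=1):
    """Return a NetBIOS-framed SMB_COM_NEGOTIATE request offering the given dialects."""
    # Fixed 32-byte SMBv1 header (little-endian): Protocol, Command, Status, Flags,
    # Flags2, PIDHigh, SecurityFeatures, Reserved, TID, PIDLow, UID, MID.
    # Flags 0x18 = case-insensitive + canonicalized paths; Flags2 0xC853 = unicode,
    # NT status codes, extended security, long names (typical client values).
    header = struct.pack(
        "<4sBIBHHQHHHHH",
        SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x18, 0xC853, 0, 0, 0, 0, 0, 0, mid,
    )
    # Each dialect is a BufferFormat byte 0x02 followed by a NUL-terminated string.
    data = b"".join(b"\x02" + d + b"\x00" for d in dialects)
    body = b"\x00" + struct.pack("<H", len(data)) + data   # WordCount=0, ByteCount, dialects
    smb = header + body
    # NetBIOS session service header: message type 0x00 + 24-bit big-endian length.
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def parse_negotiate_response(raw):
    """Classify a raw negotiate reply (NetBIOS header included)."""
    if len(raw) < 4 + SMB1_HEADER_LEN + 3:
        return {"protocol": None, "smb1_accepted": False, "reason": "short or empty reply"}
    smb = raw[4:]
    if smb[:4] == SMB2_MAGIC:
        # Only happens if an "SMB 2.???" dialect was offered; the server upgraded.
        return {"protocol": "SMB2", "smb1_accepted": False, "reason": "server answered with SMB2"}
    if smb[:4] != SMB1_MAGIC:
        return {"protocol": None, "smb1_accepted": False, "reason": "not an SMB header"}
    command = smb[4]
    status = struct.unpack_from("<I", smb, 5)[0]
    word_count = smb[SMB1_HEADER_LEN]                                   # 17 for NT LM 0.12
    dialect_index = struct.unpack_from("<H", smb, SMB1_HEADER_LEN + 1)[0]
    accepted = (command == SMB_COM_NEGOTIATE and status == 0
                and word_count > 0 and dialect_index != NO_DIALECT)
    return {
        "protocol": "SMB1",
        "status": status,
        "dialect_index": dialect_index,
        "smb1_accepted": accepted,
        "reason": "server accepted an SMBv1 dialect" if accepted else "server refused SMBv1 dialects",
    }


def probe_smb1(host, port=445, timeout=3.0):
    """Connect, send the negotiate request and classify the reply (live network check)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_negotiate_request())
            return parse_negotiate_response(s.recv(1024))
    except OSError as exc:
        # A host with SMBv1 disabled commonly resets the connection instead of replying.
        return {"protocol": None, "smb1_accepted": False, "reason": f"no SMBv1 reply: {exc}"}


# Constructed sample reply (not captured from a real host): an SMBv1 negotiate response
# with WordCount=17 and DialectIndex=0, i.e. the server chose "NT LM 0.12".
SAMPLE_SMB1_ACCEPT = (
    b"\x00" + (32 + 1 + 2 + 32 + 2).to_bytes(3, "big")
    + struct.pack("<4sBIBHHQHHHHH", SMB1_MAGIC, SMB_COM_NEGOTIATE, 0, 0x98, 0xC853, 0, 0, 0, 0, 0, 0, 1)
    + b"\x11" + struct.pack("<H", 0) + b"\x00" * 32 + struct.pack("<H", 0)
)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        print(probe_smb1(sys.argv[1]))            # e.g. python smb1_probe.py 10.0.0.5
    else:
        print(parse_negotiate_response(SAMPLE_SMB1_ACCEPT))
```

A reply with DialectIndex 0xFFFF, an SMB2 header, or no reply at all means the host does not expose SMBv1 to this client; a reply that selects "NT LM 0.12" means the SMBv1 server is still listening and the host must be confirmed patched for MS17-010.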
Exploits
https://www.exploit-db.com/exploits/41891
https://www.exploit-db.com/exploits/47456
https://www.exploit-db.com/exploits/41987
https://www.exploit-db.com/exploits/43970
https://github.com/qazbnm456/awesome-cve-poc/blob/master/MS17-010.md
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/smb/ms17_010_command.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_psexec.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_doublepulsar_rce.rb
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-010
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Metasploit Payload
http://technet.microsoft.com/en-us/security/bulletin/MS17-010
https://github.com/worawit/MS17-010
https://hitcon.org/2017/CMT/slide-files/d2_s2_r0.pdf
https://blogs.technet.microsoft.com/srd/2017/06/29/eternal-champion-exploit-analysis/
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/smb/ms17_010_command.rb
https://zerosum0x0.blogspot.com/2017/04/doublepulsar-initial-smb-backdoor-ring.html
https://github.com/countercept/doublepulsar-detection-script
https://web.archive.org/web/20170513050203/https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
https://github.com/RiskSense-Ops/MS17-010
https://risksense.com/wp-content/uploads/2018/05/White-Paper_Eternal-Blue.pdf
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_eternalblue.rb
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/ms17_010_psexec.rb
https://countercept.com/blog/analyzing-the-doublepulsar-kernel-dll-injection-technique/
https://www.countercept.com/blog/doublepulsar-usermode-analysis-generic-reflective-dll-loader/
https://github.com/countercept/doublepulsar-c2-traffic-decryptor
https://gist.github.com/msuiche/50a36710ee59709d8c76fa50fc987be1
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/smb/smb_doublepulsar_rce.rb