CISA KEV 정보
| 취약점명 | Microsoft Windows Search Remote Code Execution Vulnerability |
|---|---|
| 설명 | Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-281 |
| 등록일 (KEV) | 2022-05-24 |
| 조치 기한 | 2022-06-14 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2017-8543 |
NVD 상세 정보
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C설명: Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
CWE: CWE-281 | CWE-281
참조
- http://www.securityfocus.com/bid/98824 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1038667 [Broken Link, Third Party Advisory, VDB Entry]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543 [Mitigation, Patch, Vendor Advisory]
- http://www.securityfocus.com/bid/98824 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1038667 [Broken Link, Third Party Advisory, VDB Entry]
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543 [Mitigation, Patch, Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-8543
This product uses the NVD API but is not endorsed or certified by the NVD.