Posted on

VU#101048: Microsoft .NET framework WSDL parser PrintClientProxy remote code execution vulnerability

Vulnerability Note VU#101048

     <h2>Microsoft .NET framework WSDL parser PrintClientProxy remote code execution vulnerability</h2>
     <p class="meta-text">Original Release date: 13 Sep 2017 | Last revised: 13 Sep 2017</p><!-- END SOCIAL BUTTONS -->

 

Overview

The Microsoft .NET framework fails to properly parse WSDL content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The PrintClientProxy method in the WSDL-parsing component of the Microsoft .NET framework fails to properly handle linefeed characters. If an attacker can trigger the .NET framework to trigger a specially-crafted WSDL file, this can result in arbitrary code execution.

This vulnerability is currently being exploited in the wild, by way of an RTF file with an embedded object that triggers a remote WSDL file to be retrieved and parsed. Other attack vectors may be possible.

Impact

By causing the .NET framework to parse a specially-crafted WSDL file, an unauthenticated remote attacker may be able to execute arbitrary code on a vulnerable system. Current exploits achieve this by convincing a user to open a RTF document.

Solution

Apply an update

This issue is addressed in CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability

     
     

Vendor Information (Learn More)

Vendor Status Date Notified Date Updated
Microsoft Corporation Affected 13 Sep 2017

If you are a vendor and your product is affected, let
us know
.

CVSS Metrics (Learn More)

Group Score Vector
Base 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P
Temporal 6.5 E:H/RL:OF/RC:C
Environmental 6.5 CDP:ND/TD:H/CR:ND/IR:ND/AR:ND
     
     

References

  • https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8759
  •     
    
         
         

    Credit

    This issue was discovered by Genwei Jiang and Dhanesh Kizhakkinan of FireEye, Inc.

    This document was written by Will Dormann.

    Other Information

    • CVE IDs:
      CVE-2017-8759
    •          
    • Date Public: 12 Sep 2017
    • Date First Published: 13 Sep 2017
    • Date Last Updated: 13 Sep 2017
    • Document Revision: 12

    Feedback

    If you have feedback, comments, or additional information about this vulnerability, please send us email.