CVE-2017-0145

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0146, and CVE-2017-0148.

Published: Mar 17, 2017
Updated: Jul 25, 2024
CVE: CVE-2017-0145
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
microsoft / server_message_block	1.0	1.0.x
siemens / acuson_p300_firmware	13.02	13.02.x
siemens / acuson_p300_firmware	13.03	13.03.x
siemens / acuson_p300_firmware	13.20	13.20.x
siemens / acuson_p300_firmware	13.21	13.21.x
siemens / acuson_p500_firmware	va10	va10.x
siemens / acuson_p500_firmware	vb10	vb10.x
siemens / acuson_sc2000_firmware	4.0	4.0e
siemens / acuson_sc2000_firmware	5.0a	5.0a.x
siemens / acuson_x700_firmware	1.0	1.0.x
siemens / acuson_x700_firmware	1.1	1.1.x
siemens / syngo_sc2000_firmware	4.0	4.0e
siemens / syngo_sc2000_firmware	5.0a	5.0a.x
siemens / tissue_preparation_system_firmware	-	-
siemens / versant_kpcr_molecular_system_firmware	-	-
siemens / versant_kpcr_sample_prep_firmware	-	-

Vulnerability Database

289,599

CVE-2017-0145