1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: WSDL Soap CVE-2017-8759

Attack: WSDL Soap CVE-2017-8759

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Microsoft Windows .NET Framework.

Additional Information

Microsoft Windows is prone to a remote code-execution vulnerability because the .NET Framework fails to properly validate input. Specifically, this issue occurs due to an error in the WSDL parser module within the 'PrintClientProxy' method. An attacker can exploit this issue by sending the malicious document or application and enticing a user to open it leading to download and execute PowerShell commands within a Visual Basic script.

Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.

Affected

  • Microsoft Windows .NET Framework

Response

Updates are available. Please see the references or vendor advisory for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube