VIR Vulnerability Intelligence Relay

CVE-2017-0148

unknown KEV
Published 2022-04-06 ยท Modified 2022-04-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
2.5

Description

The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

CISA KEV

Vendor
Microsoft
Product
SMBv1 server
Due date
2022-04-27

Predictions

Exploit likelihood
99%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-41891 dos windows verified
Sean Dillon ยท 2017-04-17

Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)

Source code queued for fetch โ€” refresh in a moment.
EDB-47456 remote windows verified
Metasploit ยท 2019-10-02

DOUBLEPULSAR - Payload Execution and Neutralization (Metasploit)

Source code queued for fetch โ€” refresh in a moment.
EDB-41987 remote windows_x86-64
Juan Sacco ยท 2017-05-10

Microsoft Windows Server 2008 R2 (x64) - 'SrvOs2FeaToNt' SMB Remote Code Execution (MS17-010)

Source code queued for fetch โ€” refresh in a moment.

Metasploit modules

auxiliary_scanner/smb/smb_ms17_010 rank 300
MS17-010 SMB RCE Detection
Source code queued for fetch โ€” refresh in a moment.
exploit_windows/smb/ms17_010_eternalblue rank 200
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Source code queued for fetch โ€” refresh in a moment.
exploit_windows/smb/smb_doublepulsar_rce rank 500
SMB DOUBLEPULSAR Remote Code Execution
Source code queued for fetch โ€” refresh in a moment.

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.