Microsoft the Microsoft . NET Framework flaws vulnerability bug(CVE–2017–8759)alerts-a vulnerability alert-the black bar safety net
Discription

Accident with a view
8 on 24 May, the 360 focus of the Network Security Business Unit capture to a new office high-end intimidating intrusion attacks. 12, Microsoft stopped large-scale network security updates including CVE-2017-8759 of. The same time, FireEye also promulgated the invention of the CVE-2017-8759 fields of application. Due to the vulnerability flaws of the bug affecting the scale of the wide application of low difficulty, 360CERT pressing on their follow-up elucidating it. Recover the warning passed.
Risk grade
[+]Major
Scale of impact
Microsoft . NET Framework 4.7
Microsoft . NET Framework 4.6.2
Microsoft . NET Framework 4.6.1
Microsoft . NET Framework 4.6
Microsoft . NET Framework 4.5.2
Microsoft . NET Framework 3.5.1
Microsoft . NET Framework 3.5
Microsoft . NET Framework 2.0 SP2
Vulnerability flaws bug positioning
CVE-2017-8759 vulnerability flaws bug originally in the wsdl xml the disposal of defective, if the supply includes a CRLF sequence data, then IsValidUrl does not perform accurate authentication. Now. NET source code, positioned to the accomplishments of the disposal interface:
! [](/Article/UploadPic/2017-9/2017915235959840. png? www. myhack58. com)
And exploit the flaws bug the trigger point:
! [](/Article/UploadPic/2017-9/2017916000346. png? www. myhack58. com)
Function here born logo. cs and misappropriation of csc. exe to stop the compile as a dll, the capture to the cs source files and born of the dll.
! [](/Article/UploadPic/2017-9/2017916000274. png? www. myhack58. com)
The entire process is:
1. Pleadingly vicious thoughts SOAP WSDL
2. . NET Framework System. Runtime. Remoting. ni. dll in the IsValidUrl verify the defect
3. 歹意代码经由进程.NET Framework of the System. Runtime. Remoting. ni. dll PrintClientProxy written in the cs file.
4. csc. exe for cs files compiled into a dll
5. Office add-in dll
6. Fulfilling vicious thoughts code
Vulnerability flaws bug verification
! [](/Article/UploadPic/2017-9/2017916000520.jpg)
Repair plan
For the vulnerability flaws of the bug invasion attack samples, 360 network security guards have been in the first follow-up killing, please large recent user don’t close the unsolicited office documents, while the coherent unit is also necessary warnings such 0day vulnerabilities flaws bug the orientation of the intrusion, and the application 360 Internet Security Guard means vulnerability flaws bug patch and attack to the vulnerability flaws of the bug invasion attack.
Network security notification Bulletin: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8759Read More

Back to Main

Subscribe for the latest news: