HTTP: Microsoft .NET Framework WSDL Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Microsoft .NET Framework. The vulnerability is due to improper processing of untrusted input while parsing WSDL files. A remote attacker could exploit this vulnerability by convincing a target user to open a malicious document or application. Successful exploitation of this vulnerability could allow the attacker execute arbitrary code under the security context of the target user.
Extended Description
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
References
BugTraq: 100742
CVE: CVE-2017-8759
URL: https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
Short Name
HTTP:MICROSOFT-WSDL-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
.NET CVE-2017-8759 Code Execution Framework Microsoft Remote WSDL bid:100742
Release Date
09/28/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3727
False Positive
Unknown
CVSS Score
9.3