HTTP: Microsoft Windows Explorer CVE-2017-8464 Remote Code Execution
This signature detects an attempt to exploit a known vulnerability against Microsoft Windows Explorer. Successful exploitation of this issue may grant an attacker remote code execution.
Extended Description
Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability."
Affected Products
Microsoft windows_10_1511
Short Name
HTTP:STC:DL:CVE-2017-8464-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2017-8464 Code Execution Explorer Microsoft Remote Windows bid:98818
Release Date
06/13/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3798
False Positive
Unknown
Vendors
Microsoft
CVSS Score
9.3