7.5 CVE-2017-0147

CISA Kev Catalog Used by Malware Patch Exploit

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to obtain sensitive information from process memory via a crafted packets, aka "Windows SMB Information Disclosure Vulnerability."
https://nvd.nist.gov/vuln/detail/CVE-2017-0147

References

af854a3a-2127-422b-91ae-364da2661108 Patch Exploit

http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Ne... Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Exec... Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96709 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037991 Broken Link Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Third Party Advisory US Government Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147 Patch Vendor Advisory
https://www.exploit-db.com/exploits/41891/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41987/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43970/ Exploit Third Party Advisory VDB Entry

secure@microsoft.com Patch Exploit

http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Ne... Exploit Third Party Advisory VDB Entry
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Exec... Exploit Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/96709 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1037991 Broken Link Third Party Advisory VDB Entry
https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02 Third Party Advisory US Government Resource
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147 Patch Vendor Advisory
https://www.exploit-db.com/exploits/41891/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/41987/ Exploit Third Party Advisory VDB Entry
https://www.exploit-db.com/exploits/43970/ Exploit Third Party Advisory VDB Entry

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
cpe:2.3:o:microsoft:windows_7:-:sp1::::::
cpe:2.3:o:microsoft:windows_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
Configuration 2
AND
cpe:2.3:o:siemens:acuson_p300_firmware:13.02:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.03:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.20:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.21:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_p300:-:::::::*
Configuration 3
AND
cpe:2.3:o:siemens:acuson_p500_firmware:va10:::::::*
cpe:2.3:o:siemens:acuson_p500_firmware:vb10:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_p500:-:::::::*
Configuration 4
AND
cpe:2.3:o:siemens:acuson_sc2000_firmware::::::::	>= 4.0	< 4.0e
cpe:2.3:o:siemens:acuson_sc2000_firmware:5.0a:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_sc2000:-:::::::*
Configuration 5
AND
cpe:2.3:o:siemens:acuson_x700_firmware:1.0:::::::*
cpe:2.3:o:siemens:acuson_x700_firmware:1.1:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_x700:-:::::::*
Configuration 6
AND
cpe:2.3:o:siemens:syngo_sc2000_firmware::::::::	>= 4.0	< 4.0e
cpe:2.3:o:siemens:syngo_sc2000_firmware:5.0a:::::::*
Running on/with
cpe:2.3:h:siemens:syngo_sc2000:-:::::::*
Configuration 7
AND
cpe:2.3:o:siemens:tissue_preparation_system_firmware::::::::
Running on/with
cpe:2.3:h:siemens:tissue_preparation_system:-:::::::*
Configuration 8
AND
cpe:2.3:o:siemens:versant_kpcr_molecular_system_firmware::::::::
Running on/with
cpe:2.3:h:siemens:versant_kpcr_molecular_system:-:::::::*
Configuration 9
AND
cpe:2.3:o:siemens:versant_kpcr_sample_prep_firmware::::::::
Running on/with
cpe:2.3:h:siemens:versant_kpcr_sample_prep:-:::::::*

REMEDIATION

Patch

Url
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147

EXPLOITS

Exploit-db.com

id	description	date
41891	Microsoft Windows - SMB Remote Code Execution Scanner (MS17-010) (Metasploit)	2017-04-17
43970	Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)	2018-02-05

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Ne...
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Exec...
https://www.exploit-db.com/exploits/41891/
https://www.exploit-db.com/exploits/41987/
https://www.exploit-db.com/exploits/43970/
http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Ne...
http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Exec...
https://www.exploit-db.com/exploits/41891/
https://www.exploit-db.com/exploits/41987/
https://www.exploit-db.com/exploits/43970/

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee

cpe	start	end
Configuration 1
cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
cpe:2.3:o:microsoft:windows_10_1511:-:::::::*
cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
cpe:2.3:o:microsoft:windows_7:-:sp1::::::
cpe:2.3:o:microsoft:windows_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1::::::
cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
cpe:2.3:o:microsoft:windows_vista:-:sp2::::::
Configuration 2
AND
cpe:2.3:o:siemens:acuson_p300_firmware:13.02:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.03:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.20:::::::*
cpe:2.3:o:siemens:acuson_p300_firmware:13.21:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_p300:-:::::::*
Configuration 3
AND
cpe:2.3:o:siemens:acuson_p500_firmware:va10:::::::*
cpe:2.3:o:siemens:acuson_p500_firmware:vb10:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_p500:-:::::::*
Configuration 4
AND
cpe:2.3:o:siemens:acuson_sc2000_firmware::::::::	>= 4.0	< 4.0e
cpe:2.3:o:siemens:acuson_sc2000_firmware:5.0a:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_sc2000:-:::::::*
Configuration 5
AND
cpe:2.3:o:siemens:acuson_x700_firmware:1.0:::::::*
cpe:2.3:o:siemens:acuson_x700_firmware:1.1:::::::*
Running on/with
cpe:2.3:h:siemens:acuson_x700:-:::::::*
Configuration 6
AND
cpe:2.3:o:siemens:syngo_sc2000_firmware::::::::	>= 4.0	< 4.0e
cpe:2.3:o:siemens:syngo_sc2000_firmware:5.0a:::::::*
Running on/with
cpe:2.3:h:siemens:syngo_sc2000:-:::::::*
Configuration 7
AND
cpe:2.3:o:siemens:tissue_preparation_system_firmware::::::::
Running on/with
cpe:2.3:h:siemens:tissue_preparation_system:-:::::::*
Configuration 8
AND
cpe:2.3:o:siemens:versant_kpcr_molecular_system_firmware::::::::
Running on/with
cpe:2.3:h:siemens:versant_kpcr_molecular_system:-:::::::*
Configuration 9
AND
cpe:2.3:o:siemens:versant_kpcr_sample_prep_firmware::::::::
Running on/with
cpe:2.3:h:siemens:versant_kpcr_sample_prep:-:::::::*