CVE-2017-0250

HIGH

Description

Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability".

References

http://www.securityfocus.com/bid/98100

http://www.securitytracker.com/id/1039090

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0250

Details

Source: MITRE

Published: 2017-08-08

Updated: 2017-08-15

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (9 total)

IDNameProductFamilySeverity
104382KB4034668: Windows 10 August 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
high
103816Windows 2008 October 2017 Multiple Security Updates (KRACK)NessusWindows : Microsoft Bulletins
critical
102273Windows 2008 August 2017 Multiple Security UpdatesNessusWindows : Microsoft Bulletins
high
102270Windows 8.1 and Windows Server 2012 R2 August 2017 Security UpdatesNessusWindows : Microsoft Bulletins
high
102269KB4034674: Windows 10 Version 1703 August 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
high
102268Windows Server 2012 August 2017 Security UpdatesNessusWindows : Microsoft Bulletins
high
102267Windows 7 and Windows Server 2008 R2 August 2017 Security UpdatesNessusWindows : Microsoft Bulletins
high
102265KB4034660: Windows 10 Version 1511 August 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
high
102264KB4034658: Windows 10 Version 1607 and Windows Server 2016 August 2017 Cumulative UpdateNessusWindows : Microsoft Bulletins
high