CVE-2017-8543

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/98824	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038667	Broken Link Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543	Mitigation Patch Vendor Advisory
http://www.securityfocus.com/bid/98824	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038667	Broken Link Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8543	Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_10_1507:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1507:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_1511:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1511:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_1607:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1607:-::::::x86:
	cpe:2.3:o:microsoft:windows_10_1703:-::::::x64:
	cpe:2.3:o:microsoft:windows_10_1703:-::::::x86:
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::itanium:*
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*

History

04 Apr 2025, 20:28

Type	Values Removed	Values Added
First Time		Microsoft windows 10 1607 Microsoft windows 10 1703 Microsoft windows 10 1507 Microsoft windows 10 1511
References	~~() http://www.securityfocus.com/bid/98824 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/98824 - Broken Link, Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1038667 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1038667 - Broken Link, Third Party Advisory, VDB Entry
CPE	cpe:2.3:o:microsoft:windows_10:1511:::::::* cpe:2.3:o:microsoft:windows_10:1703:::::::* cpe:2.3:o:microsoft:windows_10:1607:::::::* cpe:2.3:o:microsoft:windows_10:-:::::::*	cpe:2.3:o:microsoft:windows_10_1511:-::::::x86: cpe:2.3:o:microsoft:windows_10_1507:-::::::x86: cpe:2.3:o:microsoft:windows_10_1703:-::::::x86: cpe:2.3:o:microsoft:windows_10_1507:-::::::x64: cpe:2.3:o:microsoft:windows_10_1607:-::::::x86: cpe:2.3:o:microsoft:windows_10_1703:-::::::x64: cpe:2.3:o:microsoft:windows_10_1607:-::::::x64: cpe:2.3:o:microsoft:windows_10_1511:-::::::x64:

Information

Published : 2017-06-15 01:29

Updated : 2025-04-20 01:37

NVD link : CVE-2017-8543

Mitre link : CVE-2017-8543

CVE.ORG link : CVE-2017-8543

JSON object : View

Products Affected

microsoft

windows_server_2016
windows_10_1703
windows_10_1511
windows_server_2012
windows_rt_8.1
windows_8.1
windows_server_2008
windows_7
windows_10_1607
windows_10_1507

CWE

CWE-281

Improper Preservation of Permissions

9.8 /10