Vulnerabilities > CVE-2017-0016 - NULL Pointer Dereference vulnerability in Microsoft products

047910
CVSS 7.1 - HIGH
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
network
microsoft
CWE-476
nessus

Summary

Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability."

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS17-012.NASL
descriptionThe remote Windows host is missing a security update. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass vulnerability exists in Device Guard due to improper validation of certain elements in a signed PowerShell script. An unauthenticated, remote attacker can exploit this vulnerability to modify the contents of a PowerShell script without invalidating the signature associated with the file, allowing the execution of a malicious script. (CVE-2017-0007) - A denial of service vulnerability exists in the Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client implementations due to improper handling of certain requests sent to the client. An unauthenticated, remote attacker can exploit this issue, via a malicious SMB server, to cause the system to stop responding until it is manually restarted. (CVE-2017-0016) - A remote code execution vulnerability exists due to using an insecure path to load certain dynamic link library (DLL) files. A local attacker can exploit this, via a specially crafted library placed in the path, to execute arbitrary code. (CVE-2017-0039) - An information disclosure vulnerability exists in Windows dnsclient due to improper handling of certain requests. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to gain access to sensitive information on a targeted workstation. If the target is a server, the attacker can also exploit this issue by tricking the server into sending a DNS query to a malicious DNS server. (CVE-2017-0057) - An elevation of privilege vulnerability exists in Helppane.exe due to a failure by an unspecified DCOM object, configured to run as the interactive user, to properly authenticate the client. An authenticated, remote attacker can exploit this, via a specially crafted application, to execute arbitrary code in another user
last seen2020-06-01
modified2020-06-02
plugin id97743
published2017-03-15
reporterThis script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/97743
titleMS17-012: Security Update for Microsoft Windows (4013078)

Seebug

bulletinFamilyexploit
description### 1 vulnerability profile: SMB is a network file sharing Protocol that allows applications and end-user from a remote file server to access file resources. Just recently, foreign researchers published a SMB 3.0 Protocol 0day vulnerabilities, can cause the system to denial-of-service, there is no more detailed vulnerability details disclosed. ### 2 vulnerability: The attacker can convince a user to visit bogus SMB Server, thereby performing a denial of service attack, the ultimate harm to the user of the system. ### 3 effect version: Windows Server 2012 Windows Server 2016 Windows 10 other versions may also be affected. ### 4 environment to build PoC to run the server:Ubuntu 16.04 x64 Test client:Windows 10 x64 PoC as follows: https://www.exploit-db.com/exploits/41222/ ### 5 vulnerability reproduction In Ubuntu under the implementation of the PoC script to simulate the SMB of the service end and wait for the client connection: ![](https://images.seebug.org/1486108623358) In client Windows 10 to access the SMB service end: ![](https://images.seebug.org/1486108655470) Will eventually trigger the vulnerability to cause the system to crash: ![](https://images.seebug.org/1486108661183) Vulnerability details and analysis: http://paper.seebug.org/215/
idSSV:92651
last seen2017-11-19
modified2017-02-03
published2017-02-03
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-92651
titleMicrosoft Windows SMBv3 denial of service vulnerability (CVE-2017-0016)