Rapid7 Vulnerability & Exploit Database

Microsoft Windows: CVE-2017-8588: WordPad Remote Code Execution Vulnerability

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Microsoft Windows: CVE-2017-8588: WordPad Remote Code Execution Vulnerability

Severity
8
CVSS
(AV:N/AC:H/Au:N/C:C/I:C/A:C)
Published
07/11/2017
Created
07/25/2018
Added
07/11/2017
Modified
09/11/2024

Description

Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to the way it parses specially crafted files, aka "WordPad Remote Code Execution Vulnerability".

Solution(s)

  • microsoft-windows-windows_10-1507-kb4025338
  • microsoft-windows-windows_10-1511-kb4025344
  • microsoft-windows-windows_10-1607-kb4025339
  • microsoft-windows-windows_10-1703-kb4025342
  • microsoft-windows-windows_server_2012-kb4025343
  • microsoft-windows-windows_server_2012_r2-kb4025333
  • microsoft-windows-windows_server_2012_r2-kb4025336
  • microsoft-windows-windows_server_2016-1607-kb4025339
  • msft-kb4025333-2884a1b4-f534-42b7-b4e9-6b07e48912f2
  • msft-kb4025333-9787a4fc-d69c-4bf5-92bf-7ee510368696
  • msft-kb4025337-27fce932-7817-4fdb-965f-19eb36d78839
  • msft-kb4025337-6c36dd1f-0240-48fa-9696-3fcf17a57a62
  • msft-kb4025337-794feee1-ea78-4c11-a683-a91335abb0e3
  • msft-kb4025337-856a0bc5-b356-4282-a54e-9cf87b548303
  • msft-kb4025337-85fadee5-ed6f-4a22-964a-9b2991c4cff1
  • msft-kb4025337-c15b95d8-875f-4922-9460-08ece3c9b584
  • msft-kb4025343-3a348a0c-2982-4ee6-b51b-6e4644a6c888
  • msft-kb4025343-878d370a-a48a-4f91-b0fc-a0dfd69e30ab
  • msft-kb4026061-14583a32-0607-420e-bf64-87984c2c9da4
  • msft-kb4026061-5b87501d-72b5-4681-9ab5-3853615727d0
  • msft-kb4026061-5f547424-34af-49f0-8389-b203943e6560
  • msft-kb4026061-c1949c1c-6130-4499-971b-b479ef5568f5

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;