KEV 2017

SAP NetWeaver AS Java — Dot-Dot Path Traversal in Scheduler UI Enables Unauthenticated Arbitrary File Read; Added KEV March 2025

Linux Kernel — load_elf_binary() Stack Overflow via PIE Executable Mapping Allows Local Privilege Escalation; Ransomware Post-Exploitation; Added KEV September 2024

Oracle WebLogic Server — WLS-WSAT Component Processes Malicious XML Document to Execute OS Commands; Precursor to CVE-2017-10271; HIGH 7.4; Patched April 2017

Zyxel EMG2926-Q10A Router — Authenticated OS Command Injection via NSLookup Diagnostic Parameter; Ransomware Use; HIGH 8.8

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 6) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

NETGEAR Multiple Routers — Unauthenticated Admin Password Recovery Endpoint Discloses Credentials via Crafted HTTP Request; HIGH 8.1; Added KEV September 2022

Google Chrome V8 Engine — Out-of-Bounds Read Memory Corruption in Turbofan JIT Compiler Enables Renderer RCE via Crafted HTML; HIGH 8.8; Fixed Chrome 57

Google Chrome V8 Engine — Type Confusion in JIT Compiler Enables Renderer RCE via Crafted HTML Page; HIGH 8.8; Fixed Chrome 59

Microsoft Internet Explorer — OOB Write in Layout Engine Enables Drive-By RCE; Exploit Kit Adoption; Patched MS17-006 (March 2017)

Microsoft Internet Explorer — Cross-Domain Policy Bypass Enables Zone Escalation; Chained with IE RCE Exploits; Patched April 2017

Microsoft Windows GDI — Zero-Day GDI Kernel LPE Attributed to APT3 Enables SYSTEM Privilege; Patched MS17-013 (March 2017)

Artifex Ghostscript — -dSAFER Sandbox Bypass via .rsdparams Type Confusion Enables Remote Code Execution via Crafted PostScript/EPS/PDF; HIGH 7.8

Microsoft Windows SMBv1 — EternalRomance Memory Disclosure Leaks Server Memory for ASLR Bypass; Shadow Brokers Leak; Patched MS17-010 (March 2017)

Microsoft Windows SMBv1 — EternalSynergy/EternalBlue-Related SMBv1 RCE; Shadow Brokers Leak; WannaCry/NotPetya Propagation; Patched MS17-010 (March 2017)

Microsoft Windows SMBv1 — EternalSynergy: NSA Equation Group SMBv1 RCE; Shadow Brokers Leak; WannaCry/NotPetya Propagation; Patched MS17-010 (March 2017)

NETGEAR DGN2200 — Authenticated OS Command Injection via dnslookup.cgi Enables Root RCE; EOL — Disconnect; HIGH 8.8

Adobe Flash Player — Type Confusion Exploited as Zero-Day by Black Oasis APT (FinSpy); APSB17-32 Emergency Patch October 2017; Flash EOL December 2020

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow via Crafted SNMP Packets Enables Authenticated RCE; Part of cisco-sa-20170629-snmp; HIGH 8.8

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 2) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 3) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 4) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 5) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

Cisco IOS and IOS XE — SNMP Subsystem Buffer Overflow (Variant 7) Enables Authenticated RCE; Part of cisco-sa-20170629-snmp; HIGH 8.8

Cisco IOS — SNMP Subsystem Buffer Overflow (Variant 8) Enables Authenticated RCE or Device Reload; Part of cisco-sa-20170629-snmp; HIGH 8.8

Microsoft Edge / Internet Explorer — mshtml.dll Type Confusion Enables Remote Code Execution via Malicious Web Page; Patched MS17-007 (March 2017)

Apache Tomcat — HTTP PUT with Trailing Slash Uploads JSP Web Shell on Windows; Ransomware Delivery; Patched September 2017; Companion CVE-2017-12617 (All Platforms)

Apache Tomcat — HTTP PUT JSP Upload RCE on All Platforms via Partial PUT Bypass; Companion to CVE-2017-12615 (Windows); Patched October 2017

Microsoft Windows TxF — Transaction Manager Kernel Memory Corruption Enables SYSTEM Privilege Escalation; Used in Ransomware Chains; Patched MS17-017 (March 2017)

Microsoft Windows GDI — Kernel Use-After-Free Enables Local Privilege Escalation to SYSTEM; Patched MS17-013 (March 2017)

Microsoft Office — EPS Filter UAF Zero-Day Exploited by APT28/Turla Before May 2017 Patch; Chained with Win32k LPE CVE-2017-0263 for Sandbox Escape

Microsoft Office — OOXML Document Object Memory Corruption Exploited in Targeted Attacks; Patched October 2017 Patch Tuesday

Microsoft Malware Protection Engine (MsMpEng) — Scanning Malicious File Triggers OOB Write Memory Corruption and SYSTEM RCE; HIGH 7.8; Patched May 2017

Cisco IOS — NAT Implementation Flaw Enables Unauthenticated Remote DoS; Part of September 2017 Cisco Advisory Bundle; Nation-State Network Infrastructure Targeting

Cisco IOS — CIP Implementation Flaw Causes Unauthenticated Remote DoS; ICS/OT Network Risk; September 2017 Advisory Bundle

Cisco IOS — Second CIP DoS Vulnerability; Unauthenticated Remote Device Reload; September 2017 Advisory Bundle; ICS/OT Network Exposure

Cisco IOS Industrial Ethernet Switches — PROFINET PN-DCP Flaw Enables Unauthenticated Remote DoS; ICS/OT Manufacturing Risk; September 2017 Advisory Bundle

Cisco IOS/IOS XE — IKEv2 Flaw Enables Unauthenticated Remote DoS via CPU Exhaustion or Reload; VPN Infrastructure Targeting; September 2017 Advisory Bundle

Cisco IOS and IOS XE — UDP Processing Input Queue Wedge Causes Interface Denial-of-Service; HIGH 7.5; Patched September 2017

Microsoft Windows — COM Aggregate Marshaler Registry Hijack Enables LPE to SYSTEM; Ransomware Post-Exploitation; Patched May 2017

Microsoft Internet Explorer — OOB Write in Trident Layout Engine Enables Drive-By RCE; Exploit Kit Adoption; Patched May 2017

Microsoft SMBv1 'EternalBlue' — NSA-Developed SMBv1 Buffer Overflow Used in WannaCry and NotPetya

Microsoft Windows SMBv1 — EternalChampion: NSA Equation Group SMBv1 RCE; Shadow Brokers Leak; WannaCry/NotPetya Ransomware; Patched MS17-010 (March 2017)

Microsoft Windows — Shell LNK File Icon Processing Executes Attacker-Controlled DLL via Network Share or Removable Media; HIGH 8.8; Patched June 2017

Microsoft Office — Composite Moniker OLE Object Processing Bypass Executes Script via Crafted Document; Successor to CVE-2017-0199; HIGH 7.8; Patched July 2017

Microsoft Office — EPS Filter UAF Zero-Day Exploited by APT28 Before May 2017 Patch; Companion to CVE-2017-0261 (Turla); EPS Permanently Disabled Post-Patch

Microsoft Win32k — UAF Kernel LPE Used by APT28 and Turla as Stage-2 Sandbox Escape Paired with Office EPS Zero-Days CVE-2017-0261/0262; Patched May 2017

Oracle WebLogic Server — XMLDecoder Deserialization via WLS-WSAT Component Enables Unauthenticated RCE; Cryptominer and Ransomware Mass Exploitation; Patched October 2017 CPU

Embedthis GoAhead — CGI Environment Variable Injection via ld.so Enables Unauthenticated RCE on Embedded/IoT Devices; HIGH 8.1; Fixed in 3.6.5

Microsoft Windows SMBv1 — EternalRomance: NSA Equation Group SMBv1 RCE Exposed by Shadow Brokers; WannaCry and NotPetya Ransomware Propagation; Patched MS17-010

Symantec Symantec Messaging Gateway — Symantec Messaging Gateway Remote Code Execution Vulnerability

DotNetNuke (DNN) CMS — DNNPersonalization Cookie .NET BinaryFormatter Deserialization Enables Authenticated RCE; Ransomware Used; HIGH 8.8; Patched July 2017

Apache Struts REST Plugin — XStream XML Deserialization Without Type Filtering Enables Unauthenticated RCE via Crafted XML Request; S2-052; HIGH 8.1; Patched September 2017

Microsoft Office/WordPad — RTF OLE2 HTA Zero-Day: Moniker Download-and-Execute Before April 2017 Patch; Used by Carbanak, APT32, Dridex; Ransomware Delivery

Microsoft Outlook — Home Page Feature Enables RCE via Malicious URL; APT33 Persistence Mechanism; Patched October 2017 Patch Tuesday

Microsoft Office — 17-Year-Old Equation Editor (EQNEDT32.EXE) Stack Overflow; No ASLR/DEP; Massively Exploited for RAT/Ransomware Delivery Globally; Patched November 2017

Roundcube Webmail — Insufficient Attachment Plugin Input Validation Enables Authenticated Arbitrary File Read on Webmail Server; HIGH 7.8; Fixed November 2017

Microsoft .NET Framework — WSDL Code Injection via Crafted SOAP Response Enables RCE When Processing Malicious Document; HIGH 7.8; Patched September 2017