The below versions of Microsoft Frameworks are affected by this vulnerability:<\/p>\n
\u2022 Microsoft .NET Framework 2.0 SP2
\n\u2022 Microsoft .NET Framework 3.5
\n\u2022 Microsoft .NET Framework 3.5.1
\n\u2022 Microsoft .NET Framework 4.5.2
\n\u2022 Microsoft .NET Framework 4.6
\n\u2022 Microsoft .NET Framework 4.6.1
\n\u2022 Microsoft .NET Framework 4.6.2\/4.7
\n\u2022 Microsoft .NET Framework 4.6\/4.6.1\/4.6.2\/4.7
\n\u2022 Microsoft .NET Framework 4.7<\/p>\n
Vulnerability <\/strong><\/p>\n This is a code injection vulnerability in SOAP Moniker which allows an attacker to perform a remote code execution on the targeted machine. After successful exploitation, the attacker can take control of vulnerable system and download and execute programs on the affected system at will.<\/p>\n The malicious RTF document, which is an initial attack vector, makes a request to a CNC server and downloads vulnerable SOAP WSDL content.<\/p>\n The vulnerability triggers while parsing the SOAP WSDL content and malicious payloads get downloaded and executed on the victim\u2019s machine.<\/p>\n Quick Heal Detections<\/strong><\/p>\n Quick Heal has released the following detections for the vulnerability CVE-2017-8759<\/a><\/p>\n The observed payload in the wild delivered after the exploitation of this vulnerability was FINSPY. The payload is detected by Quick Heal as \u201cBackdoor.FinSpy\u201d.<\/p>\n![\"Fig](\"https:\/\/blogs_admin.quickheal.com\/wp-content\/uploads\/2017\/09\/SOAP_req_censored.jpg\")
\n
\n
\n