CVE-2017-0148

8.1

HIGHCVSS v3.1 Base Score

94.07%

HIGH RiskEPSS (100th percentile)

NVD-CWE-noinfo

The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, and CVE-2017-0146.

Published: 3/17/2017

Modified: 10/22/2025

Back to CVE Lookup

Vulnerability Summary

CVSS v3 Score

8.1HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2 Score

9.3

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS Score (Exploitation Probability)

94.07%HIGH Exploitation Risk

100th percentile

This vulnerability has a 94.07% probability of being exploited in the next 30 days, ranking higher than 100% of all scored CVEs.

CWE Classification

NVD-CWE-noinfo

Learn More

CVSS Calculator

View this score breakdown or calculate a custom score

Understanding CVSS Scoring

Learn how severity scores are calculated and what they mean

CVE Prioritization Guide

Best practices for deciding which vulnerabilities to address first

Essential guide to Common Vulnerabilities and Exposures

CVE vs CWE Explained

Understand how CVEs relate to underlying weakness types