CVE-2017-8710

Exploit

EPSS 33.1%
Published 13.09.2017 01:29:10
Last modified 20.04.2025 01:37:25
Source secure@microsoft.com
Teams watchlist Login
Open Login

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 7 Version- Updatesp1

Microsoft ≫ Windows Server 2008 Version- Updatesp2

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium

Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	33.1%	0.967

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

http://www.securitytracker.com/id/1039325

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/100793

Third Party Advisory

VDB Entry

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710

Patch

Vendor Advisory

https://www.vulnerability-lab.com/get_content.php?id=2094

Third Party Advisory

Exploit