CVE-2017-8710

Опубликовано: 13 сент. 2017

Источник: nvd

CVSS3: 5.5

CVSS2: 4.3

EPSS Средний

Описание

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".

Ссылки

http://www.securityfocus.com/bid/100793
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039325
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710
Patch
Vendor Advisory
https://www.vulnerability-lab.com/get_content.php?id=2094
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=bIFot3a-58I
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/100793
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039325
Third Party Advisory
VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710
Patch
Vendor Advisory
https://www.vulnerability-lab.com/get_content.php?id=2094
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=bIFot3a-58I
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:itanium:*

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*

EPSS

Процентиль: 97%

0.33099

Средний

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-611

Связанные уязвимости

CVE-2017-8710

CVSS3: 4.4

msrc

почти 8 лет назад

Windows System Information Console Information Disclosure Vulnerability

GHSA-v2hx-p2cq-5wm5