New Search

Windows Information Disclosure Vulnerability – CVE-2017-8710

oval:org.cisecurity:def:3257

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1 Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity aka "Windows Information Disclosure Vulnerability".

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows 7
Class:
vulnerability
Reference(s):
  • CVE-2017-8710
Product(s):