CVE-2017-0045

EPSS 6.6%

Vexday Risk Score

23Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS —EPSS 6.6%KEV nãoPoC públicaNuclei —Metasploit —Patch —

Lifecycle

16 Mar 2017Public PoC

17 Mar 2017Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."

Affected products

Microsoft Corporation · Windows DVD Maker

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/41619/unverified exploitdbwww.exploit-db.com/exploits/41619unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045 https://www.exploit-db.com/exploits/41619/http://www.securityfocus.com/bid/96103 http://www.securitytracker.com/id/1038015