CVE-2017-8710

EPSS 10.4%

Vexday Risk Score

8Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS —EPSS 10.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

13 set 2017Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".

Produtos afetados

Microsoft Corporation · Microsoft Common Console Document (.msc)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710 https://www.vulnerability-lab.com/get_content.php?id=2094 https://www.youtube.com/watch?v=bIFot3a-58I http://www.securityfocus.com/bid/100793 http://www.securitytracker.com/id/1039325