Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-8710

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".

Published

2017-09-13T01:29:10.613

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-611

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	microsoft	windows_7	-	Yes
Operating System	microsoft	windows_server_2008	-	Yes
Operating System	microsoft	windows_server_2008	r2	Yes
Operating System	microsoft	windows_server_2008	r2	Yes

References

http://www.securityfocus.com/bid/100793 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1039325 Third Party Advisory, VDB Entry ([email protected])
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710 Patch, Vendor Advisory ([email protected])
https://www.vulnerability-lab.com/get_content.php?id=2094 Exploit, Third Party Advisory ([email protected])
https://www.youtube.com/watch?v=bIFot3a-58I Exploit, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/100793 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1039325 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.vulnerability-lab.com/get_content.php?id=2094 Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.youtube.com/watch?v=bIFot3a-58I Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)