CVE-2017-8710 Information

Description

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1 Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity aka \Windows Information Disclosure Vulnerability.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

http://www.securityfocus.com/bid/100793 http://www.securitytracker.com/id/1039325 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8710 https://www.vulnerability-lab.com/get_content.php?id=2094 https://www.youtube.com/watch?v=bIFot3a-58I

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.5