Microsoft MSXML CVE-2017-0022 Information Disclosure
TSL ID TSL20170314-23
CVE ID(s) CVE-2017-0022
Severity Moderate

An information disclosure vulnerability has been reported in Microsoft XML Core Services (MSXML). This vulnerability is due to incorrect handling of objects in memory by MSXML.

An attacker could exploit this vulnerability by enticing a user to visit a crafted website. By successfully exploiting this vulnerability, an attacker could check for the presence of specific files on disk.

The vendor, Microsoft, has released an advisory regarding this issue:

Affected Products
  • Microsoft Windows 10
  • Microsoft Windows 7
  • Microsoft Windows 8.1
  • Microsoft Windows RT 8.1
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
CVSS Score Base 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is NONE
  • Impact of this vulnerability on data availability is NONE
Temporal 3.2 (E:U/RL:OF/RC:C):
  • The exploitability level of this vulnerability is UNPROVEN
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Microsoft Security Bulletin