
Microsoft Windows System Information Console XXE Injection Information Disclosure
TSL ID | TSL20170711-11 |
CVE ID(s) | CVE-2017-8557 |
Severity | Moderate |
Description | An XML external entity (XXE) injection vulnerability has been reported in the System Information Console component of Microsoft Windows. The vulnerability is due to a failure to properly handle external entity references in XML files. A remote attacker could exploit this vulnerability by enticing a target user into opening a crafted XML file with System Information Console. Successful exploitation results in the disclosure of file contents from the target system. The vendor, Microsoft, has released the following advisory regarding this vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8557 |
Affected Products | |
CVSS Score | Base 7.1 (AV:N/AC:M/Au:N/C:C/I:N/A:N) |
References | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8557 |
Related Threats |
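
The description attributes the issue to external entity references in XML files that a user is enticed to open. As an added example (not part of the original advisory or any vendor tooling), the following Python pre-screen flags XML files that declare an external DTD or external entity before they are opened; the function names and the sample documents are constructed for illustration, and the check is a regex heuristic, not a full XML parser.

```python
import codecs
import re

# BOMs, longest first, so UTF-32 LE (FF FE 00 00) is not mistaken for UTF-16 LE (FF FE).
_BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"), (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"), (codecs.BOM_UTF16_BE, "utf-16-be"),
]
# ExternalID per the XML grammar: SYSTEM "uri"  or  PUBLIC "pubid" "uri".
_EXT_ID = r"""(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s+(?:"(?P<dq>[^"]*)"|'(?P<sq>[^']*)')"""
_ENTITY = re.compile(r"<!ENTITY\s+(?P<param>%\s+)?(?P<name>[^\s>]+)\s+" + _EXT_ID)
_DOCTYPE = re.compile(r"<!DOCTYPE\s+[^\s\[>]+\s+" + _EXT_ID)

def decode_xml(raw: bytes) -> str:
    """Decode by BOM, then by the NUL pattern of BOM-less UTF-16, else UTF-8."""
    for bom, enc in _BOMS:
        if raw.startswith(bom):
            return raw[len(bom):].decode(enc, errors="replace")
    if raw[:2] == b"<\x00":
        return raw.decode("utf-16-le", errors="replace")
    if raw[:2] == b"\x00<":
        return raw.decode("utf-16-be", errors="replace")
    return raw.decode("utf-8", errors="replace")

def find_external_refs(raw: bytes) -> list:
    """Return (kind, name, system_id) for every external reference declared."""
    text = decode_xml(raw)
    hits = []
    m = _DOCTYPE.search(text)
    if m:  # external DTD subset named on the DOCTYPE line itself
        hits.append(("doctype", "", m.group("dq") or m.group("sq") or ""))
    for m in _ENTITY.finditer(text):
        kind = "parameter-entity" if m.group("param") else "entity"
        hits.append((kind, m.group("name"), m.group("dq") or m.group("sq") or ""))
    return hits

# Constructed samples: a plain document, and a UTF-16 document with one external
# parameter entity pointing at a placeholder host.
SAMPLE_CLEAN = b'<?xml version="1.0"?>\n<root><Category name="System Summary"/></root>'
SAMPLE_FLAGGED = (
    '<?xml version="1.0"?>\n'
    '<!DOCTYPE root [ <!ENTITY % ext SYSTEM "http://example.invalid/ext.dtd"> ]>\n'
    '<root/>'
).encode("utf-16")

if __name__ == "__main__":
    for label, doc in (("clean", SAMPLE_CLEAN), ("flagged", SAMPLE_FLAGGED)):
        print(label, find_external_refs(doc))
```

The flagged sample is UTF-16 encoded, so a plain byte search for `<!ENTITY` would miss it; decoding before matching is what closes that gap.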