CVE-2017-0022

Summary

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

Severity
Medium
Severity Score

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

CWE-ID

CWE-200

Vulnerability ID
CVE-2017-0022
Severity
Medium
Severity Score
4.3
Summary
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022 http://www.securityfocus.com/bid/96069 http://www.securitytracker.com/id/1038014 https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html
Mitigation and Patches
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022
Exploits
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-022 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Metasploit Payload
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CWE ID
CWE-200

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud AgentTenable NessusRapid7 InsightVM
Company
About UsContactCareer
Resources
CVEWindows KBCase StudieseBooksPolicy TemplatesBlogWebinar
Try It
Patch AstraEPSS CalculatorContactFree ScanSchedule DemoLog In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :