Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-8710
HistorySep 13, 2017 - 1:29 a.m.

CVE-2017-8710

2017-09-1301:29:10
CWE-611
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka “Windows Information Disclosure Vulnerability”.

Affected configurations

NVD
Node
microsoftwindows_7Match-sp1
OR
microsoftwindows_server_2008Match-sp2
OR
microsoftwindows_server_2008Matchr2sp1itanium
OR
microsoftwindows_server_2008Matchr2sp1x64

Related

symantec 1
mscve 1
vulnerlab 2
openvas 2
checkpoint_advisories 1
cve 1
mskb 3
prion 1
cvelist 1
kaspersky 1
nessus 2
talosblog 1
trendmicroblog 1
symantec
symantec
Microsoft Windows CVE-2017-8710 Information Disclosure Vulnerability
2017-09-12 00:00:00
mscve
mscve
Windows System Information Console Information Disclosure Vulnerability
2017-09-12 07:00:00
vulnerlab
vulnerlab
Microsoft Windows - MSC XXE Data Exfiltrate Vulnerability
2017-09-18 00:00:00
Microsoft Windows - MSC XXE Data Exfiltrate Vulnerability
2017-09-18 00:00:00
openvas
openvas
Microsoft Windows Information Disclosure Vulnerability (KB4039038)
2017-09-13 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB4038777)
2017-09-13 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Windows XXE Information Disclosure (CVE-2017-8710)
2017-09-17 00:00:00
cve
cve
CVE-2017-8710
2017-09-13 01:29:10
mskb
mskb
Security update for the information disclosure vulnerability in Windows Server 2008: September 12, 2017
2017-09-12 07:00:00
September 12, 2017—KB4038779 (Security-only update)
2017-09-12 07:00:00
September 12, 2017—KB4038777 (Monthly Rollup)
2017-09-12 07:00:00
prion
prion
Information disclosure
2017-09-13 01:29:00
cvelist
cvelist
CVE-2017-8710
2017-09-12 00:00:00
kaspersky
kaspersky
KLA11899 Multiple vulnerabilities in Microsoft Products (ESU)
2017-09-12 00:00:00
nessus
nessus
Windows 2008 September 2017 Multiple Security Updates
2017-09-12 00:00:00
Windows 7 and Windows Server 2008 R2 September 2017 Security Updates
2017-09-12 00:00:00
talosblog
talosblog
Microsoft Patch Tuesday - September 2017
2017-09-12 15:41:00
trendmicroblog
trendmicroblog
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of September 11, 2017
2017-09-15 14:59:53

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

5.2 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.1%

JSON
Related for NVD:CVE-2017-8710
symantec1mscve1vulnerlab2openvas2checkpoint_advisories1cve1mskb3prion1cvelist1kaspersky1nessus2talosblog1trendmicroblog1