4 matches found
Microsoft Windows Performance Monitor XXE Injection Information Disclosure (CVE-2017-0170)
An XML external entity XXE injection vulnerability exists in Windows Performance Monitor component of Microsoft Windows. The vulnerability is due to a failure to properly handle external entity references in XML files...
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025343)
This host is missing a critical security update according to Microsoft KB4025343 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-0170
CVE-2017-0170 is an information-disclosure flaw in Windows Performance Monitor Console where XML input is parsed unsafely, allowing an XML external entity (XXE) to read arbitrary files. Affected are Windows versions listed in the CVE description (Windows 7/8.1/10, Windows Server variants, and Win...
Microsoft Windows CVE-2017-0170 XML External Entity Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...