4 matches found
Microsoft Windows System Information Console XXE Injection Information Disclosure (CVE-2017-8557)
An XML external entity XXE injection vulnerability exist in the System Information Console component of Microsoft Windows. The vulnerability is due to a failure to properly handle external entity references in XML files. A remote attacker could exploit this vulnerability by enticing a target user...
Microsoft Windows Server 2012 Multiple Vulnerabilities (KB4025343)
This host is missing a critical security update according to Microsoft KB4025343 SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2017-8557
CVE-2017-8557 is a information- disclosure (XXE) vulnerability in Microsoft Windows System Information Console where XML input containing an external entity reference can cause reading arbitrary files. The issue affects Windows versions listed in the CVE description. Exploitation details are not ...
Microsoft Windows CVE-2017-8557 Local XML External Entity Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. A local attacker can leverage this issue to disclose sensitive information that may aid in further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Versi...