Microsoft Windows Performance Monitor CVE-2017-0170 Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists in the Windows Performance Monitor Console when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
Affected Applications
Windows 10
Windows 7
Windows 8
Windows Server 2008
Windows Server 2012
Windows Server 2016