Microsoft Windows System Information Console CVE-2017-8557 Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists in the Microsoft Common Console Document (.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
Affected Applications
Windows 10
Windows 7
Windows 8
Windows RT 8.1
Windows Server 2008
Windows Server 2012
Windows Server 2016