Endpoint Vulnerability

Windows Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists in the Microsoft Common Console Document (.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.

Affected Products

Windows 7,Windows Server 2008

References

CVE-2017-8710,