Microsoft XML Core Services CVE-2017-0022 Information Disclosure Vulnerability



Microsoft XML Core Services (MSXML) is prone to an information-disclosure vulnerability.

An attacker can exploit this issue by enticing an unsuspecting user to visit a specially crafted webpage.

An attacker can exploit this issue to gain access to sensitive information that may lead to further attacks.

Information

Bugtraq ID: 96069
Class: Origin Validation Error
CVE: CVE-2017-0022

Remote: Yes
Local: No
Published: Mar 14 2017 12:00AM
Updated: Sep 28 2017 04:00PM
Credit: Brooks Li and Joseph C Chen, Trend Micro and Will Metcalf and Kafeine of Proofpoint
Vulnerable: Microsoft Windows Vista x64 Edition SP2
Microsoft Windows Vista SP2
Microsoft Windows Server 2016 for x64-based Systems 0
Microsoft Windows Server 2012 R2 0
Microsoft Windows Server 2012 0
Microsoft Windows Server 2008 R2 for x64-based Systems SP1
Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows RT 8.1
Microsoft Windows 8.1 for x64-based Systems 0
Microsoft Windows 8.1 for 32-bit Systems 0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows 10 Version 1607 for x64-based Systems 0
Microsoft Windows 10 Version 1607 for 32-bit Systems 0
Microsoft Windows 10 version 1511 for x64-based Systems 0
Microsoft Windows 10 version 1511 for 32-bit Systems 0
Microsoft Windows 10 for x64-based Systems 0
Microsoft Windows 10 for 32-bit Systems 0


Not Vulnerable:

Exploit


This vulnerability is being exploited as part of the Stegano exploit kit.


Related Posts

Comments