XML injection in Windows - CVE-2017-0045

 


Published: March 14, 2017 / Updated: March 16, 2017


Vulnerability identifier: #VU5956
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:L/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-0045
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability: Public exploit is available
Vendor: Microsoft
Affected software:
Windows

Detailed vulnerability description

The disclosed vulnerability allows a remote attacker to gain access to potentially sensitive data.

The vulnerability exists due to a flaw in Windows DVD Maker when parsing a malicious .msdvd file. A remote attacker can create a specially crafted .msdvd file, trick the victim into opening it, and read arbitrary files on the victim's computer.

Successful exploitation of this vulnerability may allow an attacker to read arbitrary files on the victim's computer.
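
A defensive triage check for the flaw described above, added here as an example and not taken from the vendor or this advisory: it uses Python's expat bindings to report external DTD and entity declarations (the CWE-611 precondition) in a file without resolving them. It assumes the .msdvd project file is XML, as the CWE-611 classification implies; the function name and sample documents are constructed, and the `<project>` root is a placeholder, not the real .msdvd schema.

```python
import xml.parsers.expat as expat

# Constructed samples; <project> is a placeholder root, not the real .msdvd schema.
BENIGN = b'<?xml version="1.0"?><project><title>Holiday</title></project>'
SUSPICIOUS = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE project [\n'
    b'  <!ENTITY local "inline text">\n'
    b'  <!ENTITY % remote SYSTEM "http://example.invalid/x.dtd">\n'
    b']>\n'
    b'<project/>'
)


def audit_external_entities(data: bytes) -> list[str]:
    """List DTD constructs that would make a resolving parser fetch external data."""
    findings: list[str] = []
    parser = expat.ParserCreate()
    # Audit only: never fetch or expand external parameter entities.
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(f"external DTD -> {system_id or public_id}")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones have value None.
        if value is None and (system_id or public_id):
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity {name!r} -> {system_id or public_id}")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"malformed XML: {exc}")  # treat unparseable input as suspect
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, audit_external_entities(doc) or "no external references")
```

An empty result means the file declares no external DTD or entities; any finding is a reason to keep the file away from an unpatched parser.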


How to mitigate CVE-2017-0045

Install the update from the vendor's website.

Sources