#VU7468 XXE attack in Windows and Windows Server - CVE-2017-8557
Published: July 11, 2017 / Updated: July 11, 2017
Vulnerability identifier: #VU7468
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-8557
CWE-ID: CWE-611
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Windows
Windows Server
Windows
Windows Server
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote attacker to conduct XXE attack.
The weakness exists due to improper parsing of XML input containing a reference to an external entity. A remote attacker can send manipulated XML content, trick the victim into opening and read arbitrary files on the system.
Successful exploitation of the vulnerability may result in information disclosure.
The weakness exists due to improper parsing of XML input containing a reference to an external entity. A remote attacker can send manipulated XML content, trick the victim into opening and read arbitrary files on the system.
Successful exploitation of the vulnerability may result in information disclosure.
Remediation
Install updates from vendor's website.