Information Disclosure in Windows Performance Monitor by Microsoft
CVE-2017-0170

6.5MEDIUM

Key Information:

Vendor
Microsoft
Status
Windows Server 2008 Sp2 And R2 Sp1, Windows 7 Sp1, Windows 8.1, Windows Server 2012 Gold And R2, Windows Rt 8.1, Windows 10 Gold, 1511, 1607, 1703, And Windows Server 2016
Vendor
CVE Published:
11 July 2017

Summary

An information disclosure vulnerability exists in the Windows Performance Monitor due to improper XML input parsing. This flaw could allow an attacker to access sensitive information that could be exploited for further attacks. Affected systems include various versions of Windows, allowing for a broad range of exposure across multiple products.

Affected Version(s)

Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 Windows Performance Monitor

References

http://www.securitytracker.com/id/1038855
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/99398
vdb-entryx_refsource_BID
https://portal.msrc.microsoft.com/en-us/security-guidance...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.