Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0022: Microsoft XML Core Services Information Disclosure Vulnerability

Free InsightVM Trial No Credit Card Necessary

Watch Demo See how it all works

Back to Search

Microsoft CVE-2017-0022: Microsoft XML Core Services Information Disclosure Vulnerability

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

03/14/2017

Created

07/25/2018

Added

03/14/2017

Modified

02/16/2023

Description

An information vulnerability exists when Microsoft XML Core Services (MSXML) improperly handles objects in memory. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk. To exploit the vulnerability, an attacker could host a specially-crafted website that is designed to invoke MSXML through Internet Explorer. However, an attacker would have no way to force a user to visit such a website. Instead, an attacker would typically have to convince a user to either click a link in an email message or a link in an Instant Messenger request that would then take the user to the website. The update addresses the vulnerability by changing the way MSXML handles objects in memory.

Solution(s)

msft-kb3216916-2a63dea5-6bc9-42c8-8a85-8500054cbbf3
msft-kb3216916-3afdc96b-6946-4c72-92bd-095d44b4c3be
msft-kb3216916-606991da-9d3d-4db1-8d8e-30940dfb6f25
msft-kb3216916-abaefec4-ea78-493a-9776-276411f11752
msft-kb3216916-bb63b2ec-6ae8-4e6e-a06f-0d5523fd541f
msft-kb3216916-c3d8239b-5afe-4f5a-96a0-4b5a9f28707c
msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
msft-kb4012213-317ca43c-7dfe-4e04-8a21-2c6c4ab4fbb9
msft-kb4012213-5d351df3-6efb-4b17-93e0-b0e3a5babbc3
msft-kb4012213-80bc2b42-a953-4096-8595-130e9a9c9fb9
msft-kb4012214-1949e6d5-95b0-4e90-acfb-73c9d295fbbf
msft-kb4012214-57dbd57f-89b2-4abb-8582-14fc17870bb8
msft-kb4012214-b4d71d8b-1f2d-4958-ad08-e379293d71e8
msft-kb4012606-384d5679-3c34-433f-8564-66fc5136a5e9
msft-kb4012606-6a38fe85-98ba-4ce2-b4eb-aed947d5c203
msft-kb4013198-477b54b9-913d-4c4e-8da8-01e0b4cf15ce
msft-kb4013198-6d9f75f7-d998-4188-a935-7603f4e51a4d
msft-kb4013429-724ee219-b949-4d44-9e02-e464c6062ae4
msft-kb4013429-74b1fe65-bd6b-4b76-a624-8674748898f2
msft-kb4013429-e29d1b22-493d-44dd-8857-7c6c7cb6d84c

References

https://attackerkb.com/topics/cve-2017-0022
CVE - 2017-0022
3216916
4012212
4012213
4012214
4012215
4012216
4012217
4012606
4013198
4013429
MS17-006
MS17-008
MS17-022

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;

Rapid7 Vulnerability & Exploit Database

Microsoft CVE-2017-0022: Microsoft XML Core Services Information Disclosure Vulnerability

Microsoft CVE-2017-0022: Microsoft XML Core Services Information Disclosure Vulnerability

Description

Solution(s)

References

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.