vulnerability
Microsoft CVE-2017-0045: Windows DVD Maker Cross-Site Request Forgery Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Mar 14, 2017 | Mar 14, 2017 | Aug 23, 2019 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Mar 14, 2017
Added
Mar 14, 2017
Modified
Aug 23, 2019
Description
An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system.
To exploit the vulnerability, an attacker would have to either log on locally to an affected system or convince a locally authenticated user to execute a specially crafted application.
The security update addresses the vulnerability by correcting how Windows DVD Maker parses files.
Solution(s)
msft-kb3205715-52390819-a498-4d1b-b6bd-8648fc50092amsft-kb3205715-ea6f2d42-278f-4b0b-ac51-665351eb245emsft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8eemsft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6cmsft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.