Microsoft CVE-2017-0045: Windows DVD Maker Cross-Site Request Forgery Vulnerability
Description
An information disclosure vulnerability exists in Windows when Windows DVD Maker fails to properly parse a specially crafted .msdvd file. An attacker who successfully exploited the vulnerability could obtain information to further compromise a target system. To exploit the vulnerability, an attacker would have to either log on locally to an affected system or convince a locally authenticated user to execute a specially crafted application. The security update addresses the vulnerability by correcting how Windows DVD Maker parses files.
Solution(s)
- msft-kb3205715-52390819-a498-4d1b-b6bd-8648fc50092a
- msft-kb3205715-ea6f2d42-278f-4b0b-ac51-665351eb245e
- msft-kb4012212-13c36c25-fee4-429f-933e-f93ebfbb91f5
- msft-kb4012212-36e1591a-f6d3-44d2-aa25-540234b7eb36
- msft-kb4012212-4ee6f09d-38d9-47ef-8ba9-dd802352b8ee
- msft-kb4012212-652eea96-c2e8-4548-8f9a-40964e5e6a74
- msft-kb4012212-c682d11d-fc2e-4852-9da7-c2198958bf6c
- msft-kb4012212-fb31138f-b6a5-499c-9eb6-5b5f9fff6bfd
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center