CVE-2017-0022 — Vulnetix

Try Vulnetix Request Demo

CVE-2017-0022 PUBLISHED KEV CVSS 4.300000190734863 MEDIUM

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

EPSS 44.11% · 97.5th percentile

Risk Scores

CVSS v2.0

4.300000190734863

EPSS Score

44.11%

97.5th percentile

Affected Products

Vendor	Product	Versions
microsoft	xml_core_services	3.0, 3.0
microsoft	windows_server_2012	r2, r2
microsoft	windows_server_2008	r2, r2
microsoft	windows_8.1
Microsoft Corporation	XML Core Services	XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2

Timeline

Mar 14, 2017 VulnCheck KEV Exploitation
Mar 14, 2017 PoC Published
Mar 15, 2017 CVE Published
May 19, 2017 PoC Published
May 22, 2017 PoC Published
Oct 9, 2020 PoC Published
Apr 14, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
May 24, 2022 CISA KEV Added

References

Open in Interactive Console →