VDB
CVE-2017-0022
CVE-2017-0022
PUBLISHED
KEV
CVSS 4.300000190734863 MEDIUM
Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."
EPSS 36.69% · 97.2th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
36.69%
97.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | xml_core_services | 3.0, 3.0 |
| microsoft | windows_server_2012 | r2, r2 |
| microsoft | windows_server_2008 | r2, r2 |
| microsoft | windows_8.1 | |
| Microsoft Corporation | XML Core Services | XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 |
Exploit Intelligence
- https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html (nist-nvd)
- the name of virus is the detection of microsoft defender, is the tipic antivirus (github-poc)
- the name of virus is the detection of microsoft defender, is the tipic antivirus (github-poc)
- the name of virus is the detection of microsoft defender, is the tipic antivirus (github-poc)
- the name of virus is the detection of microsoft defender, is the tipic antivirus (github-poc)
- the name of virus is the detection of microsoft defender, is the tipic antivirus (github-poc)
- the name of virus is the detection of microsoft defender, is the tipic antivirus (github-poc)
- Install patch for CVE-2017-0145 AKA WannaCry. (github-poc)
- Install patch for CVE-2017-0145 AKA WannaCry. (github-poc)
- Install patch for CVE-2017-0145 AKA WannaCry. (github-poc)
…and 284 more exploits
Timeline
- Mar 14, 2017 VulnCheck KEV Exploitation
- Mar 14, 2017 PoC Published
- Mar 15, 2017 CVE Published
- May 19, 2017 PoC Published
- May 22, 2017 PoC Published
- Oct 9, 2020 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- May 24, 2022 CISA KEV Added
References
- 96069 vdb
- https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html url
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022 url
- 1038014 vdb
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0022 url
- https://technet.microsoft.com/fr-fr/library/security/MS17-022 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-009 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-010 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-008 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-011 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-017 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-015 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-021 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-019 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-012 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-016 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-020 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-013 advisory
- https://technet.microsoft.com/fr-fr/library/security/MS17-018 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2017-0022 advisory