GSD-2017-0022 — Vulnetix

Try Vulnetix Request Demo

GSD-2017-0022 PUBLISHED CVSS 6.5 MEDIUM

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Microsoft Corporation	XML Core Services	XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2

Timeline

Feb 20, 2017 CVE Published
May 19, 2017 PoC Published
May 22, 2017 PoC Published
Oct 9, 2020 PoC Published
Jun 14, 2023 PoC Published
Dec 24, 2024 PoC Published
Feb 21, 2025 PoC Published
Feb 23, 2025 PoC Published
Feb 2, 2026 PoC Published
Apr 16, 2026 Security Advisory

References

Open in Interactive Console →