cvedb.io
CVE-2017-8710
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2017-09-13T01:29:10.613 · Last modified 2026-06-17T01:26:49.733

Summary

The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity (XXE) declaration, due to the way that the Microsoft Common Console Document (.msc) parses XML input containing a reference to an external entity, aka "Windows Information Disclosure Vulnerability".

Affected products

microsoft — windows_7

Does this affect you?

Add your gear to cvedb and we'll alert you only when microsoft ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.