CVE-2017-0170

MEDIUM

Microsoft Windows 10 - XXE

Title source: rule

Description

Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability due to the way it parses XML input, aka "Windows Performance Monitor Information Disclosure Vulnerability".

References (3)

Scores

CVSS v3 6.5
EPSS 0.1803
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-611
Status published
Products (12)
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_10
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_server_2008
microsoft/windows_server_2008
microsoft/windows_server_2012
microsoft/windows_server_2012
... and 2 more
Published Jul 11, 2017
Tracked Since Feb 18, 2026