Back to CVE Browser

CVE-2017-0022

Known Exploited (CISA KEV)MEDIUM

6.5

CVSS Severity Score

EPSS Score71.2190%

EPSS Percentile93.79th

PublishedMar 17, 2017

Last ModifiedApr 22, 2026

Vulnerability Description

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

Affected Platforms (CPE)

📦

Microsoft

Xml Core Services

= 3.0

💻

Microsoft

Windows 8.1

All versions

💻

Microsoft

Windows Server 2008

= r2

💻

Microsoft

Windows Server 2012

All versions

💻

Microsoft

Windows Server 2012

= r2

References & Advisories

🔗 http://www.securityfocus.com/bid/96069

🔗 http://www.securitytracker.com/id/1038014

🔗 https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022

🔗 http://www.securityfocus.com/bid/96069

🔗 http://www.securitytracker.com/id/1038014

🔗 https://0patch.blogspot.com/2017/09/exploit-kit-rendezvous-and-cve-2017-0022.html

🔗 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0022

Related Vulnerabilities

CVE-2007-22239.3

Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method...

CVE-2010-25619.3

Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle HTTP responses, which allows remote attackers to execute arbi...

CVE-2007-00999.3

Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, all...

CVE-2013-00079.3

Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to ex...