Vulnerability Description
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 7 | All versions |
| Microsoft | Windows Server 2008 | All versions |
| Microsoft | Windows Vista | All versions |
Related Weaknesses (CWE)
References
- http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTIExploitThird Party Advisory
- http://www.securityfocus.com/bid/96103Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038015
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045PatchVendor Advisory
- https://www.exploit-db.com/exploits/41619/
- http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTIExploitThird Party Advisory
- http://www.securityfocus.com/bid/96103Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1038015
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045PatchVendor Advisory
- https://www.exploit-db.com/exploits/41619/
FAQ
What is CVE-2017-0045?
CVE-2017-0045 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a...
How severe is CVE-2017-0045?
CVE-2017-0045 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-0045?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Vista.