Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-0045Cross-Site Request Forgery in Corporation Windows DVD Maker

CWE-352Cross-Site Request Forgery4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
3.6%
top 12.13%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
6
Microsoft Corporation Windows DVD MakerMicrosoft Windows Server 2008Msrc Windows 7 FOR 32-bit Systems Service Pack 1+3 more
Timeline
PublishedMar 17
Latest updateMay 17

Description

Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

CVEListV5microsoft_corporation/windows_dvd_makerWindows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-8x5p-qjg7-wv4q: Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted2022-05-17

💥Exploits & PoCs

1
Exploit-DB
Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection2017-03-16

📋Vendor Advisories

1
Microsoft
Windows DVD Maker XML External Entity Information Disclosure Vulnerability2017-03-14