(CVE-2017-8463) - Multiple elevation of privilege vulnerabilities exist in the Microsoft Graphics component due to improper handling of objects in memory. An unauthenticated, remote attacker can exploit this, by convincing a user to open a specially crafted file, to execute arbitrary code in the context of the current user. (CVE-2017-0170) - A remote code execution vulnerability exists in Windows Explorer due to improper handling of executable files and shares during rename operations. An unauthenticated, remote attacker can exploit this, by convincing a user to create a Data Collector Set and import a specially crafted XML file, to disclose arbitrary files via an XML external entity (XXE) declaration. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists in the Windows Performance Monitor Console due to improper parsing of XML input that contains a reference to an external entity. Description The remote Windows 10 version 1703 host is missing security update KB4025342. Synopsis The remote Windows host is affected by multiple vulnerabilities. Severity display preferences can be toggled in the settings dropdown.
Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. The calculated severity for Plugins has been updated to use CVSS v3 by default.
