Microsoft · Windows Event Viewer · CVE-2019-0948
**Name of the Vulnerable Software and Affected Versions**
Windows Event Viewer (eventvwr.msc) (affected versions not specified)
**Description**
The issue is related to an information disclosure problem in the Windows Event Viewer, which improperly handles XML input. This can be exploited by an attacker using a specially crafted XML file to read arbitrary files, potentially allowing access to sensitive information. The vulnerability is associated with the improper parsing of XML input containing a reference to an external entity.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.