SB2018100929 - Information disclosure in Microsoft SQL Server Management Studio
Published: October 9, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) XXE attack (CVE-ID: CVE-2018-8532)
The vulnerability allows a remote attacker to conduct XXE-attack.
The vulnerability exists due to an error when parsing a malicious XMLA file containing a reference to an external entity. A remote attacker can trick the victim into opening a specially crafted XML file and gain access to potentially sensitive information.
2) XXE attack (CVE-ID: CVE-2018-8533)
The vulnerability allows a remote attacker to conduct XXE-attack.
The vulnerability exists due to an error when parsing a malicious REGSRVR file containing a reference to an external entity. A remote attacker can trick the victim into opening a specially crafted XML file and gain access to potentially sensitive information.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8532
- http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XMLA-FILETYPE-XML-INJECT...
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533
- http://hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-REGSRVR-FILES-XML-INJECT...