Main Vulnerability Database Exploits ID:6116 - Exploit for XXE attack in Microsoft SQL Server Management Studio - CVE-2018-8533

ID:6116 - Exploit for XXE attack in Microsoft SQL Server Management Studio - CVE-2018-8533

Published: June 17, 2021

Vulnerability identifier: #VU15263

Vulnerability risk: Low

CVE-ID: CVE-2018-8533

CWE-ID: CWE-611

Exploitation vector: Remote access

Vulnerable software:
Microsoft SQL Server Management Studio

Link to public exploit:

https://www.exploit-db.com/exploits/45583/

Vulnerability description

The vulnerability allows a remote attacker to conduct XXE-attack.

The vulnerability exists due to an error when parsing a malicious REGSRVR file containing a reference to an external entity. A remote attacker can trick the victim into opening a specially crafted XML file and gain access to potentially sensitive information.

Remediation

Install updates from vendor's website.

ID:6116 - Exploit for XXE attack in Microsoft SQL Server Management Studio - CVE-2018-8533

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human