Main Vulnerability Database Exploits ID:6240 - Exploit for XXE attack in Windows and Windows Server - CVE-2018-0878

ID:6240 - Exploit for XXE attack in Windows and Windows Server - CVE-2018-0878

Published: June 17, 2021

Vulnerability identifier: #VU11062

Vulnerability risk: Low

CVE-ID: CVE-2018-0878

CWE-ID: CWE-611

Exploitation vector: Remote access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://www.exploit-db.com/exploits/44352/

Vulnerability description

The vulnerability allows a remote attacker to perform XXE attack on the target system.

The vulnerability exists due to Windows Remote Assistance incorrectly processes XML External Entities (XXE). A remote attacker can send a specially crafted Remote Assistance invitation file to a user and then steal text files from known locations on the victim's machine, under the context of the user, or alternatively, steal text information from URLs accessible to the victim.

Remediation

Install updates from vendor's website.

ID:6240 - Exploit for XXE attack in Windows and Windows Server - CVE-2018-0878

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human