Main Vulnerability Database Vulnerabilities #VU11062

#VU11062 XXE attack in Windows and Windows Server - CVE-2018-0878

Published: March 13, 2018 / Updated: June 17, 2021

Vulnerability identifier: #VU11062

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2018-0878

CWE-ID: CWE-611

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to perform XXE attack on the target system.

The vulnerability exists due to Windows Remote Assistance incorrectly processes XML External Entities (XXE). A remote attacker can send a specially crafted Remote Assistance invitation file to a user and then steal text files from known locations on the victim's machine, under the context of the user, or alternatively, steal text information from URLs accessible to the victim.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878

#VU11062 XXE attack in Windows and Windows Server - CVE-2018-0878

Description

Remediation

External links

Please verify you're human