Lucene search
John Page (aka hyp3rlinx) - ApparitionSecZDI-18-1133HistoryOct 10, 2018 - 12:00 a.m.
Microsoft SQL Server Management Studio regsrvr File XML External Entity Processing Information Disclosure Vulnerability
2018-10-1000:00:00
John Page (aka hyp3rlinx) - ApparitionSec
www.zerodayinitiative.com
10
0.003 Low
EPSS
Percentile
66.3%
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft SQL Server Management Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of REGSRVR files. Due to the improper restriction of XML External Entity (XXE) references, a specially crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process.
Related
zdt
zdt
packetstorm
packetstorm
Microsoft SQL Server Management Studio 17.9 / 18.0 Preview 4 XML Injection
2018-10-11 00:00:00
exploitpack
exploitpack
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
2018-10-11 00:00:00
symantec
symantec
mscve
mscve
SQL Server Management Studio Information Disclosure Vulnerability
2018-10-09 07:00:00
exploitdb
exploitdb
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
2018-10-11 00:00:00
nvd
nvd
nessus
nessus
cvelist
cvelist
kaspersky
kaspersky
KLA11888 Multiple vulnerabilties in Microsoft SQL Server
2018-10-09 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
prion
prion
Information disclosure
2018-10-10 13:29:00
Information disclosure
2018-10-10 13:29:00
Information disclosure
2018-10-10 13:29:00
talosblog
talosblog