CVSSv3: 5.5

CVE-2018-8532

Published: 10/10/2018 Updated: 21/11/2024

Vulnerability Summary

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.

Vulnerable Product

microsoft sql server management studio 17.9

microsoft sql server management studio 18.0

Exploits

# Exploit Title: Microsoft SQL Server Management Studio 17.9 - 'xmla' XML External Entity Injection # Date: 2018-10-10 # Author: John Page (aka hyp3rlinx) # Website: hyp3rlinx.altervista.org # Vendor: www.microsoft.com # Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 (Preview 4) # CVE: CVE-2018-8532 # Referenc ...
Microsoft SQL Server Management Studio versions 17.9 and 18.0 Preview 4 suffer from an xmla filetype XML external entity injection vulnerability ...

Mailing Lists

[+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: hyp3rlinx.altervista.org/advisories/MICROSOFT-SQL-SERVER-MGMT-STUDIO-XMLA-FILETYPE-XML-INJECTION-CVE-2018-8532.txt [+] ISR: ApparitionSec [+] Zero Day Initiative Program [Vendor] www.microsoft.com [Product] SQL Server Management Studio 17.9 SQL Se ...