Published: 10/10/2018 Updated: 27/11/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Subscribe to Sql Server Management Studio

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft sql server management studio 18.0
microsoft sql server management studio 17.9

# Exploit Title: Microsoft SQL Server Management Studio 179 - XML External Entity Injection # Date: 2018-10-10 # Author: John Page (aka hyp3rlinx) # Website: hyp3rlinxaltervistaorg # Venodor: wwwmicrosoftcom # Software: SQL Server Management Studio 179 and SQL Server Management Studio 180 (Preview 4) # CVE: CVE-2018-8533 # References: # h ...

Microsoft SQL Server Management Studio versions 179 and 180 Preview 4 suffer from a REGSRVR filehandling XML external entity injection vulnerability ...

CWE-611 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8533 http://www.securitytracker.com/id/1041826 http://www.securityfocus.com/bid/105476 https://www.exploit-db.com/exploits/45583/https://nvd.nist.gov https://www.exploit-db.com/exploits/45583/

CVE-2018-8533

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect