CVE-2018-0878 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA-ADP	ADP	3.1 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_7	-
microsoft	windows_8.1	*
microsoft	windows_rt_8.1	-
microsoft	windows_server_2008	-
microsoft	windows_server_2012	-
microsoft	windows_server_2016	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB4088786
1511 (x64, x86)	KB4088779
1607 (x64, x86)	KB4088787
1703 (x64, x86)	KB4088782
1709 (x64, x86)	KB4088776

Windows 7

Service Pack 1 (x64, x86)

Windows 8.1

(x64, x86)

Windows RT 8.1

All

Windows Server

1709 Server Core

Windows Server 2008

Service Pack 2 (x64, x86)	KB4089453
Service Pack 2 Server Core (x64, x86)	KB4089453

Windows Server 2008 R2

Service Pack 1 (x64)	KB4088878
Service Pack 1 Server Core (x64)	KB4088878

Windows Server 2012

Server Core	KB4088880
Standard	KB4088880

Windows Server 2012 R2

Server Core	KB4088879
Standard	KB4088879

Windows Server 2016

Server Core	KB4088787
Standard	KB4088787

Common Weakness Enumeration

CWE-611 - Improper Restriction of XML External Entity Reference
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

References

http://www.securityfocus.com/bid/103230

http://www.securitytracker.com/id/1040519

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878

https://www.exploit-db.com/exploits/44352/

http://www.securityfocus.com/bid/103230

http://www.securitytracker.com/id/1040519

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878

https://www.exploit-db.com/exploits/44352/