CVE-2018-8532

MEDIUM

Microsoft SQL Server Management Studio <18.0 - Info Disclosure


Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-8532. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit demonstrates an XXE (XML External Entity) injection vulnerability in Microsoft SQL Server Management Studio 17.9 and 18.0 (Preview 4) via a crafted '.xmla' file. The PoC leverages external entity references to exfiltrate local file contents (e.g., C:\Windows\system.ini) to an attacker-controlled server.

Description

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.

Exploits (1)

exploitdb WORKING POC VERIFIED
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/45587

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Microsoft SQL Server Management Studio 17.9 and 18.0 (Preview 4)
No auth needed
Prerequisites: Victim must open the malicious '.xmla' file · Attacker must host a malicious DTD file and a server to capture exfiltrated data
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041826
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105475
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45587/

Scores

CVSS v3 5.5
EPSS 0.2337
EPSS Percentile 97.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE CWE-611
Status published
Products (2)
microsoft/sql_server_management_studio 17.9
microsoft/sql_server_management_studio 18.0
Published Oct 10, 2018
Tracked Since Feb 18, 2026