CVE-2018-8532
MEDIUM
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
Title source: llm
Description
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/45587
References (4)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8532
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041826
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105475
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45587/
Scores
CVSS v3
5.5
EPSS
0.4785
EPSS Percentile
97.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (2)
microsoft/sql_server_management_studio
17.9
microsoft/sql_server_management_studio
18.0
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026