CVE-2018-8533

MEDIUM

Microsoft SQL Server Management Studio <18 - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527 and CVE-2018-8532.

Exploits (1)

exploitdb WORKING POC VERIFIED
by hyp3rlinx · text · local · windows
https://www.exploit-db.com/exploits/45583

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/45583/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1041826
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105476

Scores

CVSS v3 5.5
EPSS 0.4785
EPSS Percentile 97.7%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-611
Status published
Products (2)
microsoft/sql_server_management_studio 17.9
microsoft/sql_server_management_studio 18.0
Published Oct 10, 2018
Tracked Since Feb 18, 2026