Описание
SQL Server Management Studio Information Disclosure Vulnerability
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity declaration.
To exploit the vulnerability, an attacker must entice a user on an affected SSMS server to open a specially crafted XEL file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and then convincing the user to open the file. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability. An attacker would have no way to force a user to visit the website. Instead, an attacker would have to convince a user to click a link and open the specially crafted file.
The security update addresses the vulnerability by correcting how SQL Server Management Studio parses XML input.
Обходное решение
Users who are unable to clean-install SSMS 17.9 can protect themselves from this vulnerability by disabling DTD processing of XML query results by following these steps:
- On the Tools menu, click Options.
- In the Options, select Text Editor, select XML, and then select Miscellaneous.
- Under Network, clear the Automatically download DTDs and schemas check box.
Impact of Workaround
SSMS will not automatically process XML, XEL, or XMLA files.
FAQ
1. What type of information could be disclosed by this vulnerability?
The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from file system.
2. How can I ensure my computer is protected from this vulnerability?
For all versions of SQL Server Management Studio installed on this computer, you can protect your system from this vulnerability by disabling DTD processing of XML query results. Please follow the steps described in the Workaround section.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Связанные уязвимости
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
Уязвимость системы управления базами данных Microsoft SQL Server Management Studio, связанная с ошибками ограничений XML-ссылок на внешние объекты (XXE), позволяющая раскрыть защищаемую информацию
EPSS