CVE-2018-0878

LOW EPSS 97.4%
Published Mar 14, 20188y ago · Modified Jun 17, 20262w ago
3.1 CVSS 3.1
Low
Find Similar
Published Mar 14, 2018 8y ago
Last Modified Jun 17, 2026 2w ago

Description

Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".

CVSS Details

Base Score
3.1
Exploitability
1.6
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
97.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-611

Affected Products 14

VendorProductVersionRange
microsoftwindows_10*any
microsoftwindows_101511any
microsoftwindows_101607any
microsoftwindows_101703any
microsoftwindows_101709any
microsoftwindows_7*any
microsoftwindows_8.1*any
microsoftwindows_rt_8.1*any
microsoftwindows_server_2008*any
microsoftwindows_server_2008r2any
microsoftwindows_server_2012*any
microsoftwindows_server_2012r2any
microsoftwindows_server_2016*any
microsoftwindows_server_20161709any

References 4

  • securityfocus.com http://www.securityfocus.com/bid/103230
    Third Party AdvisoryVDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1040519
    Third Party AdvisoryVDB Entry
  • portal.msrc.microsoft.com https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878
    PatchVendor Advisory
  • exploit-db.com https://www.exploit-db.com/exploits/44352/
    Third Party AdvisoryVDB Entry

Remediation

  • portal.msrc.microsoft.com https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878
    PatchVendor Advisory