CVE-2018-0878
LOW EPSS 97.4%
Published Mar 14, 20188y ago · Modified Jun 17, 20262w ago
3.1 CVSS 3.1
Published Mar 14, 2018 8y ago
Last Modified Jun 17, 2026 2w ago
Description
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability".
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability None
Threat Intelligence
EPSS Exploit Probability
97.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 1
CWE-611
Affected Products 14
| Vendor | Product | Version | Range |
|---|---|---|---|
| microsoft | windows_10 | * | any |
| microsoft | windows_10 | 1511 | any |
| microsoft | windows_10 | 1607 | any |
| microsoft | windows_10 | 1703 | any |
| microsoft | windows_10 | 1709 | any |
| microsoft | windows_7 | * | any |
| microsoft | windows_8.1 | * | any |
| microsoft | windows_rt_8.1 | * | any |
| microsoft | windows_server_2008 | * | any |
| microsoft | windows_server_2008 | r2 | any |
| microsoft | windows_server_2012 | * | any |
| microsoft | windows_server_2012 | r2 | any |
| microsoft | windows_server_2016 | * | any |
| microsoft | windows_server_2016 | 1709 | any |
References 4
- securityfocus.com http://www.securityfocus.com/bid/103230
- securitytracker.com http://www.securitytracker.com/id/1040519
- portal.msrc.microsoft.com https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878
- exploit-db.com https://www.exploit-db.com/exploits/44352/
Remediation
- portal.msrc.microsoft.com https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878