A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka MS XML Remote Code Execution Vulnerability. This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Weakness
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Windows_10 | Microsoft | - (including) | - (including) |
| Windows_10 | Microsoft | 1607 (including) | 1607 (including) |
| Windows_10 | Microsoft | 1703 (including) | 1703 (including) |
| Windows_10 | Microsoft | 1709 (including) | 1709 (including) |
| Windows_10 | Microsoft | 1803 (including) | 1803 (including) |
| Windows_7 | Microsoft | –sp1 (including) | –sp1 (including) |
| Windows_8.1 | Microsoft | - (including) | - (including) |
| Windows_server | Microsoft | 2008-r2 (including) | 2008-r2 (including) |
| Windows_server | Microsoft | 2008-sp2 (including) | 2008-sp2 (including) |
| Windows_server | Microsoft | 2012 (including) | 2012 (including) |
| Windows_server | Microsoft | 2012-r2 (including) | 2012-r2 (including) |
| Windows_server | Microsoft | 2016 (including) | 2016 (including) |
| Windows_server | Microsoft | 2016-1709 (including) | 2016-1709 (including) |
| Windows_server | Microsoft | 2016-1803 (including) | 2016-1803 (including) |
Potential Mitigations
Related Attack Patterns
References
- http://www.securityfocus.com/bid/105259
- http://www.securitytracker.com/id/1041627
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8420
- http://www.securityfocus.com/bid/105259
- http://www.securitytracker.com/id/1041627
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8420