CVE-2018-0878 is the identifier of an information disclosure vulnerability that exists in Windows Remote Assistance. The flaw is triggered when WRA incorrectly processes XML External Entities (XXE). An attacker who successfully exploits the flaw could obtain information further abuse the compromised system.
It appears that security researcher Nabeel Ahmed came across the vulnerability in February, 2017, and reported it to Microsoft in October the same year. A patch for CVE-2018-0878 was recently included in March 2018 Patch Tuesday.
CVE-2018-0878 Technical Details
What is needed to exploit the vulnerability? An attacker would need to send a specially crafted Remote Assistance invitation file to a user, Microsoft explains in a security advisory. Then the attacker could steal text files from known locations on the compromised system, under the context of the user, or in other cases, the attacker could steal text information from URLs accessible to the user.
The stolen information could be submitted as part of the URL in HTTP request(s) to the attacker. In all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action.
It should also be noted that this information disclosure vulnerability is not sufficient by itself for an attacker to compromise a system. However, if the flaw is combined it with other ones, an exploit would be possible.
How Is CVE-2018-0878 Useful to Attackers?
One way attackers could deploy this flaw in their malicious scenarios is when they need to recover files with sensitive information which are known to be present on the targeted system. These files can be logs, backups, database files, and any other files that contain passwords or configuration options
The flaw can’t be exploited by itself which means that it is highly unlikely for it to be leveraged in massively scaled attacks. This makes CVE-2018-0878 perfect for low profile, targeted attacks where the victim is persuaded they need technical support of some sort.
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: