CVE-2018-0878 in Windows Remote Assistance Discovered

CVE-2018-0878 is the identifier of an information disclosure vulnerability that exists in Windows Remote Assistance. The flaw is triggered when WRA incorrectly processes XML External Entities (XXE). An attacker who successfully exploits the flaw could obtain information to further abuse the compromised system.

It appears that security researcher Nabeel Ahmed came across the vulnerability in February 2017 and reported it to Microsoft in October the same year. A patch for CVE-2018-0878 was recently included in the March 2018 Patch Tuesday.

CVE-2018-0878 Technical Details

What is needed to exploit the vulnerability? An attacker would need to send a specially crafted Remote Assistance invitation file to a user, Microsoft explains in a security advisory. Then the attacker could steal text files from known locations on the compromised system, under the context of the user, or in other cases, the attacker could steal text information from URLs accessible to the user.

The stolen information could be submitted as part of the URL in HTTP request(s) to the attacker. In all cases an attacker would have no way to force a user to view the attacker-controlled content. Instead, an attacker would have to convince a user to take action.

It should also be noted that this information disclosure vulnerability is not sufficient by itself for an attacker to compromise a system. However, if the flaw is combined with other ones, an exploit would be possible.
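
A defender-side check for the crafted invitation file described in this section, added here as an example (it is not code from Microsoft or the researcher): it uses Python's expat bindings to flag any DOCTYPE or entity declaration in a file without resolving it. The function name, the sample documents (which do not follow the real invitation schema) and the assumption that a legitimate invitation carries no DTD are assumptions of this example.

```python
from xml.parsers import expat

# Constructed samples; element and attribute names are placeholders,
# not the real Remote Assistance invitation schema.
BENIGN = b'<?xml version="1.0"?><INVITATION><DATA TICKET="placeholder"/></INVITATION>'
SUSPECT = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE INVITATION [<!ENTITY ext SYSTEM "https://example.invalid/x">]>'
    b'<INVITATION><DATA TICKET="placeholder"/></INVITATION>'
)


def scan_invitation(data: bytes) -> list[str]:
    """Return findings; an empty list means no DTD or entity declarations.

    Assumption: a legitimate invitation needs no DOCTYPE, so any
    declaration is worth quarantining the file for review.
    """
    findings: list[str] = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        findings.append(f"DOCTYPE declared (root={name!r}, system_id={system_id!r})")

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        kind = "external" if (system_id or public_id) else "internal"
        target = system_id or "(inline value)"
        findings.append(f"{kind} entity {name!r} -> {target}")

    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so expat only reports the
    # declarations and never fetches what they point to.
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    try:
        # Parsing the raw bytes lets expat honour the declared encoding,
        # which a plain byte-pattern search for "<!ENTITY" would miss.
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        findings.append(f"not well-formed XML: {exc}")
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, scan_invitation(doc) or "clean")
```
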

How Is CVE-2018-0878 Useful to Attackers?

One way attackers could deploy this flaw in their malicious scenarios is when they need to recover files with sensitive information which are known to be present on the targeted system. These files can be logs, backups, database files, and any other files that contain passwords or configuration options.

The flaw can't be exploited by itself, which means that it is highly unlikely for it to be leveraged in massively scaled attacks. This makes CVE-2018-0878 perfect for low-profile, targeted attacks where the victim is persuaded they need technical support of some sort.

Milena Dimitrova
