Rule Category

FILE-OTHER -- Snort detected traffic targeting vulnerabilities in a file type that does not require enough rule coverage to have its own category.

Alert Message

FILE-OTHER Multiple products external entity injection attempt

Rule Explanation

Multiple Microsoft products are vulnerable to external entity injection attacks. Impact: Administrative access to the victim's machine Details: This rule checks for external entity injection attacks in multiple Microsoft products. Ease of Attack:

What To Look For

Known Usage

No public information

False Positives

No known false positives

Contributors

Talos research team. This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology. For more information see [nvd].

MITRE ATT&CK Framework

Tactic:

Technique:

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org

CVE

Additional Links

Rule Vulnerability

CVE Additional Information

CVE-2015-1646
Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability."
Details
SeverityMEDIUM Base Score4.3
Impact Score2.9 Exploit Score8.6
Confidentiality ImpactPARTIAL Integrity ImpactNONE
Availability ImpactNONE Access Vector
AuthenticationNONE Ease of Access
CVE-2018-8527
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
Details
Severity Base Score5.5
Impact Score3.6 Exploit Score1.8
Confidentiality ImpactHIGH Integrity ImpactNONE
Availability ImpactNONE Access Vector
Authentication Ease of Access
CVE-2018-8532
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
Details
Severity Base Score5.5
Impact Score3.6 Exploit Score1.8
Confidentiality ImpactHIGH Integrity ImpactNONE
Availability ImpactNONE Access Vector
Authentication Ease of Access
CVE-2018-8533
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
Details
Severity Base Score5.5
Impact Score3.6 Exploit Score1.8
Confidentiality ImpactHIGH Integrity ImpactNONE
Availability ImpactNONE Access Vector
Authentication Ease of Access