CVE-2018-1000828 - Improper Restriction of XML External Entity Reference

Severity

90%

Complexity

22%

Confidentiality

100%

CVSS 3.1 Base Score 9. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

FrostWire

First reported 6 years ago

2018-12-20 15:29:00

Last updated 5 years ago

2019-10-24 12:31:00

Affected Software

FrostWire 1.9.9 Build 246 for Desktop

1.9.9
desktop

FrostWire 1.9.9 Build 247 for Desktop

1.9.9
desktop

FrostWire 2.0.7 Build 263 for Desktop

2.0.7
desktop

FrostWire 6.1.6 Build 166 for Desktop

6.1.6
desktop

FrostWire 6.1.6 Build 167 for Desktop

6.1.6
desktop

FrostWire 6.1.7 Build 168 for Desktop

6.1.7
desktop

FrostWire 6.1.8 Build 169 for Desktop

6.1.8
desktop

FrostWire 6.1.9 Build 172 for Desktop

6.1.9
desktop

FrostWire 6.2.0 Build 173 for Desktop

6.2.0
desktop

FrostWire 6.2.0 Build 174 for Desktop

6.2.0
desktop

FrostWire 6.2.1 Build 175 for Desktop

6.2.1
desktop

FrostWire 6.2.2 Build 176 for Desktop

6.2.2
desktop

FrostWire 6.2.3 Build 177 for Desktop

6.2.3
desktop

FrostWire 6.2.3 Build 178 for Desktop

6.2.3
desktop

FrostWire 6.2.4 Build 179 for Desktop

6.2.4
desktop

FrostWire 6.3.0 Build 180 for Desktop

6.3.0
desktop

FrostWire 6.3.0 Build 181 for Desktop

6.3.0
desktop

FrostWire 6.3.0 Build 182 for Desktop

6.3.0
desktop

FrostWire 6.3.0 Build 183 for Desktop

6.3.0
desktop

FrostWire 6.3.0 Build 184 for Desktop

6.3.0
desktop

FrostWire 6.3.0 Build 185 for Desktop

6.3.0
desktop

FrostWire 6.3.1 Build 186 for Desktop

6.3.1
desktop

FrostWire 6.3.2 Build 187 for Desktop

6.3.2
desktop

FrostWire 6.3.2 Build 188 for Desktop

6.3.2
desktop

FrostWire 6.3.3 Build 189 for Desktop

6.3.3
desktop

FrostWire 6.3.3 Build 190 for Desktop

6.3.3
desktop

FrostWire 6.3.3 Build 193 for Desktop

6.3.3
desktop

FrostWire 6.3.3 Build 255 for Desktop

6.3.3
desktop

FrostWire 6.3.4 Build 193 for Desktop

6.3.4
desktop

FrostWire 6.3.4 Build 194 for Desktop

6.3.4
desktop

FrostWire 6.3.5 Build 195 for Desktop

6.3.5
desktop

FrostWire 6.3.5 Build 197 for Desktop

6.3.5
desktop

FrostWire 6.3.5 Build 198 for Desktop

6.3.5
desktop

FrostWire 6.3.6 Build 201 for Desktop

6.3.6
desktop

FrostWire 6.3.6 Build 202 for Desktop

6.3.6
desktop

FrostWire 6.3.7 Build 203 for Desktop

6.3.7
desktop

FrostWire 6.3.7 Build 204 for Desktop

6.3.7
desktop

FrostWire 6.3.7 Build 205 for Desktop

6.3.7
desktop

FrostWire 6.3.7 Build 206 for Desktop

6.3.7
desktop

FrostWire 6.4.0 Build 207 for Desktop

6.4.0
desktop

FrostWire 6.4.0 Build 208 for Desktop

6.4.0
desktop

FrostWire 6.4.1 Build 209 for Desktop

6.4.1
desktop

FrostWire 6.4.1 Build 210 for Desktop

6.4.1
desktop

FrostWire 6.4.2 Build 212 for Desktop

6.4.2
desktop

FrostWire 6.4.3 Build 214 for Desktop

6.4.3
desktop

FrostWire 6.4.4 Build 215 for Desktop

6.4.4
desktop

FrostWire 6.4.5 Build 218 for Desktop

6.4.5
desktop

FrostWire 6.4.5 Build 219 for Desktop

6.4.5
desktop

FrostWire 6.4.5 Build 220 for Desktop

6.4.5
desktop

FrostWire 6.4.5 Build 221 for Desktop

6.4.5
desktop

FrostWire 6.4.5 Build 222 for Desktop

6.4.5
desktop

FrostWire 6.4.6 Build 223 for Desktop

6.4.6
desktop

FrostWire 6.4.6 Build 227 for Desktop

6.4.6
desktop

FrostWire 6.4.7 Build 228 for Desktop

6.4.7
desktop

FrostWire 6.4.7 Build 229 for Desktop

6.4.7
desktop

FrostWire 6.4.8 Build 230 for Desktop

6.4.8
desktop

FrostWire 6.4.8 Build 232 for Desktop

6.4.8
desktop

FrostWire 6.4.8 Build 233 for Desktop

6.4.8
desktop

FrostWire 6.4.8 Build 234 for Desktop

6.4.8
desktop

FrostWire 6.4.9 Build 235 for Desktop

6.4.9
desktop

FrostWire 6.5.0 Build 236 for Desktop

6.5.0
desktop

FrostWire 6.5.1 Build 238 for Desktop

6.5.1
desktop

FrostWire 6.5.2 Build 239 for Desktop

6.5.2
desktop

FrostWire 6.5.3 Build 240 for Desktop

6.5.3
desktop

FrostWire 6.5.4 Build 241 for Desktop

6.5.4
desktop

FrostWire 6.5.5 Build 242 for Desktop

6.5.5
desktop

FrostWire 6.5.5 Build 243 for Desktop

6.5.5
desktop

FrostWire 6.5.8 Build 244 for Desktop

6.5.8
desktop

FrostWire 6.5.8 Build 245 for Desktop

6.5.8
desktop

FrostWire 6.5.9 Build 246 for Desktop

6.5.9
desktop

FrostWire 6.6.0 Build 248 for Desktop

6.6.0
desktop

FrostWire 6.6.1 Build 249 for Desktop

6.6.1
desktop

FrostWire 6.6.2 Build 250 for Desktop

6.6.2
desktop

FrostWire 6.6.2 Build 251 for Desktop

6.6.2
desktop

FrostWire 6.6.3 Build 252 for Desktop

6.6.3
desktop

FrostWire 6.6.3 Build 253 for Desktop

6.6.3
desktop

FrostWire 6.6.4 Build 256 for Desktop

6.6.4
desktop

FrostWire 6.6.5 Build 257 for Desktop

6.6.5
desktop

FrostWire 6.6.6 Build 258 for Desktop

6.6.6
desktop

FrostWire 6.6.7 Build 529 for Desktop

6.6.7
desktop

FrostWire 6.6.8 Build 260 for Desktop

6.6.8
desktop

FrostWire 6.7.0 Build 261 for Desktop

6.7.0
desktop

FrostWire 6.7.0 Build 262 for Desktop

6.7.0
desktop

FrostWire 6.7.0 Build 264 for Desktop

6.7.0
desktop

FrostWire 6.7.0 Build 265 hotfix for Desktop

6.7.0
desktop

FrostWire 6.7.1 Build 266 for Desktop

6.7.1
desktop

FrostWire 6.7.1 Build 267 for Desktop

6.7.1
desktop

FrostWire 6.7.1 Build 268 for Desktop

6.7.1
desktop

FrostWire 6.7.2 Build 269 for Desktop

6.7.2
desktop

FrostWire 6.7.2 Build 270 for Desktop

6.7.2
desktop

FrostWire 6.7.3 Build 271 for Desktop

6.7.3
desktop

FrostWire 6.7.4 Build 272 for Desktop

6.7.4
desktop

References

https://0dd.zone/2018/10/28/frostwire-XXE-MitM/

Third Party Advisory

https://github.com/frostwire/frostwire/issues/829

Issue Tracking, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.