CVE-2020-37192
XML External Entity Injection in MSN Password Recovery 1.30 Enables Local File Disclosure
Publication date: 2026-02-11
Last updated on: 2026-02-12
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| msn_password_recovery | msn_password_recovery | to 1.30 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-611 | The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "MSN Password Recovery version 1.30 contains an XML External Entity (XXE) injection vulnerability. This flaw allows attackers to craft malicious XML input that references external entities, which the application improperly processes. By exploiting the 'Favorites' tab, an attacker can inject a specially crafted XML file that causes the application to read and disclose local system files."}, {'type': 'paragraph', 'content': 'The vulnerability arises from improper handling of XML input, enabling external entity references to access and leak sensitive local files and system configuration information.'}] [1, 2]
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized disclosure of sensitive local system files and configuration information. An attacker exploiting this flaw can read files on the affected system without proper authorization.
Such information disclosure can compromise system security by revealing sensitive data that could be used for further attacks or to gain deeper access to the system.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to exploit the XML External Entity (XXE) injection in MSN Password Recovery 1.30. A practical detection method involves creating a malicious XML file that references a local system file and observing if the application processes it and leaks the file contents.'}, {'type': 'paragraph', 'content': "Specifically, you can create an XML file (e.g., XXE.xml) that defines an external entity referencing a local file such as C:\\Windows\\win.ini, and an external DTD file served by a local HTTP server. Then, open MSN Password Recovery, navigate to the 'Favorites' tab, and load the malicious XML file using a file URI scheme (e.g., file:///C:/path/to/XXE.xml). If the application sends the contents of the local file to the HTTP server, the vulnerability is present."}, {'type': 'paragraph', 'content': "To set up the detection environment, you can use Python's SimpleHTTPServer module (or http.server in Python 3) to serve the malicious DTD file and capture exfiltrated data on port 8000."}, {'type': 'paragraph', 'content': 'Example commands to set up the HTTP server and detect the vulnerability:'}, {'type': 'list_item', 'content': 'Create the malicious XML file (XXE.xml) referencing an external DTD.'}, {'type': 'list_item', 'content': 'Create the external DTD file (Payload.dtd) that reads a local file and sends it to your server.'}, {'type': 'list_item', 'content': 'Start a simple HTTP server in the directory containing Payload.dtd using: python -m http.server 8000'}, {'type': 'list_item', 'content': "Open MSN Password Recovery, go to the 'Favorites' tab, and add the path to XXE.xml using the file URI scheme."}, {'type': 'list_item', 'content': "Click the 'View' button and monitor the HTTP server logs for incoming requests containing local file contents."}] [1]
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'Immediate mitigation steps include avoiding the use of MSN Password Recovery version 1.30 or earlier until a patch is available, as the vulnerability arises from improper XML input handling.'}, {'type': 'paragraph', 'content': "If you must use the software, do not load untrusted or external XML files, especially through the 'Favorites' tab, to prevent exploitation via malicious XML input."}, {'type': 'paragraph', 'content': 'Additionally, restrict network access to prevent the application from communicating with external or local HTTP servers that could be used to exfiltrate data.'}, {'type': 'paragraph', 'content': 'Consider running the application with the least privileges possible to limit the impact of any potential exploitation.'}] [1, 2]