CVE-2013-7331
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames,...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- February 25, 2014
- Published Date
- February 26, 2014
- Last Updated
- February 10, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
CVSS Scores
CVSS v3.1
6.5 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2022-05-25 00:00:00 UTC) Source
References
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
http://www.securitytracker.com/id/1030818
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052
http://www.kb.cert.org/vuls/id/539289
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-05-25 00:00:00 UTC |