CVE-2013-7331

MEDIUMCVSS 6.5

6.5

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

🔗 References (11)

cve@mitrehttp://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
cve@mitrehttp://www.kb.cert.org/vuls/id/539289
cve@mitrehttp://www.securitytracker.com/id/1030818
cve@mitrehttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052
cve@mitrehttps://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
af854a3a-2127-422b-91ae-364da2661108http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/539289
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030818
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052
af854a3a-2127-422b-91ae-364da2661108https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331

Is Your Infrastructure Affected by CVE-2013-7331?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2013-7331

📅 Published

🔄 Last Modified

🔗 References (11)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2013-7331?