Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-7331

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2013-7331
Last Modified 13 Sep 2014 01:22:46
Published 26 Feb 2014 09:55:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-7331

Summary

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

Vulnerable Systems

Operating System

  • Microsoft Windows 8 -

  • Microsoft Windows 8.1 -

Application

  • Microsoft Internet Explorer 10

  • Microsoft Internet Explorer 11

  • Microsoft Internet Explorer 6

  • Microsoft Internet Explorer 7

  • Microsoft Internet Explorer 8

  • Microsoft Internet Explorer 9


References

CERT-VN - VU#539289

MISC - https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/

MISC - http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html

MS - MS14-052

Related Patches

MS14-052 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 9 for Windows Vista (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for Windows Vista (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for Windows Vista (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for Windows Vista x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 9 for Windows Vista x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for Windows Vista x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for Windows Server 2008 x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for Windows Server 2008 x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for Windows Server 2003 x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 6 for Windows Server 2003 x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for Windows Server 2003 x64 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 7 for WEPOS and POSReady 2009 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 6 for WEPOS and POSReady 2009 (KB2977629)

MS14-052 Cumulative Security Update for Internet Explorer 8 for WEPOS and POSReady 2009 (KB2977629)


Last Updated: 27 May 2016 10:55:15