Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2013-7331

Published: 26/02/2014 Updated: 14/05/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 471
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Internet Explorer

Vulnerability Summary

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and previous versions allows remote malicious users to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft internet_explorer 6

microsoft internet_explorer 7

microsoft internet_explorer 8

microsoft internet_explorer 9

microsoft internet_explorer 10

microsoft internet_explorer 11

Recent Articles

Biter bitten as hacker leaks source code for popular exploit kit
The Register • Darren Pauli • 13 Feb 2015

There is no honour among thieves

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former r...

Read more...
Microsoft Updates September 2014
Securelist • Kurt Baumgartner • 11 Sep 2014

Microsoft released four security bulletins this month addressing a total of 42 vulnerabilities in Internet Explorer (MS14-052), .NET (MS14-053), the Windows task scheduler (MS14-054), and several issues in Windows Lync Server (MS14-055). I counted a total of 37 cve set aside for Internet Explorer, with the other five for the three remaining software. Most interesting is the XMLDOM vulnerability (cve-2013-7331), a vulnerability that has been publicly discussed since at least April 25, 2013. T...

Read more...

References

CWE-200https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.htmlhttp://www.kb.cert.org/vuls/id/539289http://www.securitytracker.com/id/1030818https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052https://nvd.nist.govhttps://www.theregister.co.uk/2015/02/13/rig_exploit_kit_source_code_leak/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook