TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2013-7331

MEDIUMCISA KEV
6.5

Beschreibung

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

CVE Details

CVSS v3.1 Bewertung6.5
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht2/26/2014
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0

CISA KEV

HerstellerMicrosoft
ProduktInternet Explorer
SchwachstellennameMicrosoft Internet Explorer Information Disclosure Vulnerability
KEV Aufnahmedatum2022-05-25
Behebungsfrist2022-06-15
Ransomware-NutzungUnknown

Betroffene Produkte

microsoft:internet_explorermicrosoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_rtmicrosoft:windows_rt_8.1microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_vista

Schwachen (CWE)

CWE-209CWE-209

Referenzen

http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html(cve@mitre.org)
http://www.kb.cert.org/vuls/id/539289(cve@mitre.org)
http://www.securitytracker.com/id/1030818(cve@mitre.org)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052(cve@mitre.org)
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/(cve@mitre.org)
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/539289(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030818(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052(af854a3a-2127-422b-91ae-364da2661108)
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.