TROYANOSYVIRUS
Retour aux CVEs

CVE-2013-7331

MEDIUMCISA KEV
6.5

Description

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

Details CVE

Score CVSS v3.16.5
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie2/26/2014
Derniere modification4/22/2026
Sourcekev
Observations honeypot0

CISA KEV

FournisseurMicrosoft
ProduitInternet Explorer
Nom vulnerabiliteMicrosoft Internet Explorer Information Disclosure Vulnerability
Date ajout KEV2022-05-25
Date limite remediation2022-06-15
Utilise dans ransomwareUnknown

Produits affectes

microsoft:internet_explorermicrosoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_rtmicrosoft:windows_rt_8.1microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_vista

Faiblesses (CWE)

CWE-209CWE-209

References

http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html(cve@mitre.org)
http://www.kb.cert.org/vuls/id/539289(cve@mitre.org)
http://www.securitytracker.com/id/1030818(cve@mitre.org)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052(cve@mitre.org)
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/(cve@mitre.org)
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/539289(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030818(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052(af854a3a-2127-422b-91ae-364da2661108)
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.