TROYANOSYVIRUS
Voltar para CVEs

CVE-2013-7331

MEDIUMCISA KEV
6.5

Descricao

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

Detalhes CVE

Pontuacao CVSS v3.16.5
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado2/26/2014
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0

CISA KEV

FornecedorMicrosoft
ProdutoInternet Explorer
Nome da vulnerabilidadeMicrosoft Internet Explorer Information Disclosure Vulnerability
Data inclusao KEV2022-05-25
Prazo de remediacao2022-06-15
Uso em ransomwareUnknown

Produtos afetados

microsoft:internet_explorermicrosoft:windows_7microsoft:windows_8microsoft:windows_8.1microsoft:windows_rtmicrosoft:windows_rt_8.1microsoft:windows_server_2003microsoft:windows_server_2008microsoft:windows_server_2012microsoft:windows_vista

Fraquezas (CWE)

CWE-209CWE-209

Referencias

http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html(cve@mitre.org)
http://www.kb.cert.org/vuls/id/539289(cve@mitre.org)
http://www.securitytracker.com/id/1030818(cve@mitre.org)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052(cve@mitre.org)
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/(cve@mitre.org)
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/539289(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1030818(af854a3a-2127-422b-91ae-364da2661108)
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052(af854a3a-2127-422b-91ae-364da2661108)
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331(134c704f-9b21-4f2e-91b3-4a467353bcc0)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.