CVE-2013-7331
Vexday Risk Score
70 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 6.5 · EPSS 58.0% · KEV: yes · PoC: — · Nuclei: — · Metasploit: yes · Patch referenced
Lifecycle
26 Feb 2014: Published on NVD
09 Sep 2014: Metasploit module available
25 May 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in Microsoft's XMLDOM ActiveX control lets remote attackers discover whether specific files, network shares, or internal server names exist on a computer by observing error messages. This information leak could help attackers map a target's internal network.
Technical detail
CWE-209 (Information Exposure Through an Error Message) in the Microsoft.XMLDOM ActiveX control allows unauthenticated remote attackers to perform reconnaissance via res:// protocol URLs: the error responses disclose whether local paths, UNC shares, and intranet hostnames exist, without requiring user interaction, which facilitates network enumeration.
Summary generated and translated by AI from the official description.
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Affected products
n/a · n/a
References
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
http://www.kb.cert.org/vuls/id/539289
http://www.securitytracker.com/id/1030818