Vulnerability Details : CVE-2013-7331
Public exploit exists!
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
Vulnerability category: Information leak
CVE-2013-7331 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Microsoft Internet Explorer Information Disclosure Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications.
Added on
2022-05-25
Action due date
2022-06-15
Exploit prediction scoring system (EPSS) score for CVE-2013-7331
Probability of exploitation activity in the next 30 days: 53.72%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2013-7331
-
MS14-052 Microsoft Internet Explorer XMLDOM Filename Disclosure
Disclosure Date: 2014-09-09First seen: 2020-04-26auxiliary/gather/ms14_052_xmldomThis module will use the Microsoft XMLDOM object to enumerate a remote machine's filenames. It will try to do so against Internet Explorer 8 and Internet Explorer 9. To use it, you must supply your own list of file paths. Each file path should look like this: c:\\win
CVSS scores for CVE-2013-7331
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-7331
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7331
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052
Microsoft Security Bulletin MS14-052 - Critical | Microsoft DocsPatch;Vendor Advisory
-
http://www.kb.cert.org/vuls/id/539289
VU#539289 - Microsoft XMLDOM ActiveX control information disclosure vulnerabilityThird Party Advisory;US Government Resource
-
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
Microsoft XMLDOM in IE can divulge information of local drive/network in error messages – XXE | Soroush Dalili (@irsdl) – سروش دلیلیExploit
-
http://www.securitytracker.com/id/1030818
Microsoft Internet Explorer Mulitple Flaws Let Remote Users Execute Arbitrary Code and Obtain Potentially Sensitive Information - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website | FireEye IncThird Party Advisory
Products affected by CVE-2013-7331
- cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*