6.5
CVE-2013-7331
- EPSS 85.29%
- Published 26.02.2014 14:55:08
- Last modified 12.04.2025 10:46:40
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
Data is provided by the National Vulnerability Database (NVD)
Microsoft ≫ Internet Explorer Version6
Microsoft ≫ Internet Explorer Version7
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Internet Explorer Version8
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2003 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformitanium
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Internet Explorer Version9
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows Server 2008 Version- Updatesp2
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Internet Explorer Version10
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows 8 Version-
Microsoft ≫ Windows Rt Version-
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Windows 8 Version-
Microsoft ≫ Windows Rt Version-
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Version-
Microsoft ≫ Windows Vista Version- Updatesp2
Microsoft ≫ Internet Explorer Version11
Microsoft ≫ Windows 7 Version- Updatesp1
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Rt 8.1 Version-
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Versionr2
Microsoft ≫ Windows 8.1 Version-
Microsoft ≫ Windows Rt 8.1 Version-
Microsoft ≫ Windows Server 2008 Versionr2 Updatesp1 HwPlatformx64
Microsoft ≫ Windows Server 2012 Versionr2
25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Internet Explorer Information Disclosure Vulnerability
VulnerabilityAn information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 85.29% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-209 Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.