CVE-2013-7331

MEDIUM KEV RANSOMWARE

Microsoft XMLDOM - Info Disclosure

Title source: llm

Description

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

Exploits (1)

metasploit WORKING POC

by Soroush Dalili, sinn3r · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/ms14_052_xmldom.rb

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html

[Third Party Advisory, US Government Resource] http://www.kb.cert.org/vuls/id/539289

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030818

[Patch, Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052

[Exploit] https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331

Scores

CVSS v3 6.5

EPSS 0.8181

EPSS Percentile 99.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

CISA KEV 2022-05-25

VulnCheck KEV 2014-02-26

InTheWild.io 2019-05-14

ENISA EUVD EUVD-2013-7105

Ransomware Use Confirmed

CWE

CWE-209

Status published

Products (6)

microsoft/internet_explorer 6

microsoft/internet_explorer 7

microsoft/internet_explorer 8

microsoft/internet_explorer 9

microsoft/internet_explorer 10

microsoft/internet_explorer 11

Published Feb 26, 2014

KEV Added May 25, 2022

Tracked Since Feb 18, 2026