Executive Summary
Summary | |
---|---|
Title | Microsoft XMLDOM ActiveX control information disclosure vulnerability |
Information | |||
---|---|---|---|
Name | VU#539289 | First vendor Publication | 2014-02-17 |
Vendor | VU-CERT | Last vendor Modification | 2014-02-18 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#539289
Microsoft XMLDOM ActiveX control information disclosure vulnerability
Overview
The Microsoft XMLDOM ActiveX control can be used to check for the presence of multiple resources, which can result in unintended information disclosure.
Description
Impact
Solution
Vendor Information
CVSS Metrics
References
Credit
This vulnerability was publicly reported by Soroush Dalili. This document was written by Will Dormann.
Other Information
Original Source
Url : http://www.kb.cert.org/vuls/id/539289 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:26611 | |||
Oval ID: | oval:org.mitre.oval:def:26611 | ||
Title: | Internet Explorer resource information disclosure vulnerability - CVE-2013-7331 (MS14-052) | ||
Description: | The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2013-7331 | Version: | 3 |
Platform(s): | Microsoft Windows Vista, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2012 R2, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1 | Product(s): | Microsoft Internet Explorer 6, Microsoft Internet Explorer 7, Microsoft Internet Explorer 8, Microsoft Internet Explorer 9, Microsoft Internet Explorer 10, Microsoft Internet Explorer 11 |
CPE : Common Platform Enumeration
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-30 | Nuclear exploit kit obfuscated file download RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT |
2015-04-30 | Nuclear exploit kit landing page detected RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT |
2014-03-16 | Windows Internet Explorer EMET check and garbage collection RuleID : 29822 - Revision : 6 - Type : INDICATOR-COMPROMISE |
2014-03-16 | Windows Internet Explorer EMET check and garbage collection RuleID : 29821 - Revision : 6 - Type : INDICATOR-COMPROMISE |
2014-01-10 | Microsoft XML Core Services cross-site information disclosure attempt RuleID : 17572 - Revision : 11 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-09-10 | Name : The remote host has a web browser that is affected by multiple vulnerabilities. File : smb_nt_ms14-052.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2019-05-14 17:21:37 | |
2014-09-10 13:26:26 | |
2014-02-27 17:23:35 | |
2014-02-26 21:25:28 | |
2014-02-18 17:19:06 | |
2014-02-18 05:22:04 | |
2014-02-18 05:18:06 | |