Executive Summary

Summary
Title Microsoft XMLDOM ActiveX control information disclosure vulnerability
Informations
Name VU#539289 First vendor Publication 2014-02-17
Vendor VU-CERT Last vendor Modification 2014-02-18
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#539289

Microsoft XMLDOM ActiveX control information disclosure vulnerability

Original Release date: 17 Feb 2014 | Last revised: 18 Feb 2014

Overview

The Microsoft XMLDOM ActiveX control can be used to check for the presence of multiple resources, which can result in unintended information disclosure.

Description

Microsoft.XMLDOM is an ActiveX control that can run in Internet Explorer without requiring any prompting to the user. This object contains methods that can leak information about a computer system to the operator of a website. By looking at error codes provided by the XMLDOM ActiveX control, an attacker can check for the presence of local drive letters, directory names, files, as well as internal network addresses or websites. We have confirmed that this issue affects Internet Explorer versions 6 through 11 running on Microsoft Windows through version 8.1.

This vulnerability is actively being used by exploit code in the wild.

Impact

By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to test for the presence of computer resources that would otherwise be restricted.

Solution

We are currently unaware of a practical solution to this problem.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Microsoft CorporationAffected14 Feb 201417 Feb 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base6.4AV:N/AC:L/Au:N/C:P/I:N/A:P
Temporal6.4E:H/RL:U/RC:C
Environmental6.4CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

  • http://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
  • http://msdn.microsoft.com/en-us/library/aa468547.aspx
  • http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
  • http://msdn.microsoft.com/en-us/magazine/ee335713.aspx

Credit

This vulnerability was publicly reported by Soroush Dalili.

This document was written by Will Dormann.

Other Information

  • CVE IDs:Unknown
  • Date Public:25 Apr 2013
  • Date First Published:17 Feb 2014
  • Date Last Updated:18 Feb 2014
  • Document Revision:6

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/539289

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:26611
 
Oval ID: oval:org.mitre.oval:def:26611
Title: Internet Explorer resource information disclosure vulnerability - CVE-2013-7331 (MS14-052)
Description: The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
Family: windows Class: vulnerability
Reference(s): CVE-2013-7331
 Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
 Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Microsoft Internet Explorer 8
Microsoft Internet Explorer 9
Microsoft Internet Explorer 10
Microsoft Internet Explorer 11
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6

Snort® IPS/IDS

Date Description
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT
2014-03-16 Windows Internet Explorer EMET check and garbage collection
RuleID : 29822 - Revision : 6 - Type : INDICATOR-COMPROMISE
2014-03-16 Windows Internet Explorer EMET check and garbage collection
RuleID : 29821 - Revision : 6 - Type : INDICATOR-COMPROMISE
2014-01-10 Microsoft XML Core Services cross-site information disclosure attempt
RuleID : 17572 - Revision : 11 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2014-09-10 Name : The remote host has a web browser that is affected by multiple vulnerabilities.
File : smb_nt_ms14-052.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
Date Informations
2019-05-14 17:21:37
  • Multiple Updates
2014-09-10 13:26:26
  • Multiple Updates
2014-02-27 17:23:35
  • Multiple Updates
2014-02-26 21:25:28
  • Multiple Updates
2014-02-18 17:19:06
  • Multiple Updates
2014-02-18 05:22:04
  • Multiple Updates
2014-02-18 05:18:06
  • First insertion