CVE-2013-7331 Information

Description

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames UNC share pathnames intranet hostnames and intranet IP addresses by examining error codes as demonstrated by a res:// URL and exploited in the wild in February 2014.

Reference

http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html http://www.kb.cert.org/vuls/id/539289 http://www.securitytracker.com/id/1030818 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052 https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/