CVE-2013-7331

Published: Feb 26, 2014Modified: Apr 22, 2026CISA KEV

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Exploitability: 3.9 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

Affected (6)

Products: Microsoft: Internet Explorer

Microsoft

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 6

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7

Configuration C

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 8

Running on/with	Platform Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Server 2008	Version r2 sp1

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 9

Running on/with	Platform Versions
Microsoft Windows Server 2008	All versions

Configuration E

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 10

Running on/with	Platform Versions
Microsoft Windows 8	All versions
Microsoft Windows Rt	All versions
Microsoft Windows Server 2012	All versions
Microsoft Windows Vista	All versions

Configuration F

1 vulnerable · 5 platform

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 11

Running on/with	Platform Versions
Microsoft Windows 7	All versions
Microsoft Windows 8.1	All versions
Microsoft Windows Rt 8.1	All versions
Microsoft Windows Server 2008	Version r2 sp1
Microsoft Windows Server 2012	Version r2