CVE-2013-7331

CVE Database · CVE-2013-7331

CVE-2013-7331

· MEDIUMAnalyzed

CVSS v3.1

6.5

EPSS

58.02%

Published

Feb 26, 2014

Modified

Apr 22, 2026

CISA Known Exploited Vulnerability

Added: 2022-05-25 · Due: 2022-06-15

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Weaknesses (CWE)

CWE-209CWE-209

Affected Products (31)

microsoft · internet_explorervulnerable

microsoft · windows_server_2003

microsoft · internet_explorervulnerable

microsoft · windows_server_2003

microsoft · windows_server_2008

microsoft · windows_vista

microsoft · internet_explorervulnerable