CISA KEV 정보
| 취약점명 | Microsoft Internet Explorer Information Disclosure Vulnerability |
|---|---|
| 설명 | An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-200 |
| 등록일 (KEV) | 2022-05-25 |
| 조치 기한 | 2022-06-15 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2013-7331 |
NVD 상세 정보
CVSS v3.1: 6.5 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LCVSS v2.0: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N설명: The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
CWE: CWE-200 | CWE-209
참조
- http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html [Third Party Advisory]
- http://www.kb.cert.org/vuls/id/539289 [Third Party Advisory, US Government Resource]
- http://www.securitytracker.com/id/1030818 [Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052 [Patch, Vendor Advisory]
- https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/ [Exploit]
- http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html [Third Party Advisory]
- http://www.kb.cert.org/vuls/id/539289 [Third Party Advisory, US Government Resource]
- http://www.securitytracker.com/id/1030818 [Third Party Advisory, VDB Entry]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-052 [Patch, Vendor Advisory]
- https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/ [Exploit]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-7331
This product uses the NVD API but is not endorsed or certified by the NVD.