1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: MSIE XMLDOM ActiveX CVE-2013-7331 2

Web Attack: MSIE XMLDOM ActiveX CVE-2013-7331 2

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a Information Disclosure vulnerability in Microsoft XMLDOM ActiveX.

Additional Information

Microsoft XMLDOM ActiveX control is prone to multiple information-disclosure vulnerabilities. Specifically, these issues affect unspecified methods that will allow website administrator to gain access to sensitive information through error codes.

Note: Very limited information is currently available regarding this issue. We will update this BID as more information emerges.

Attackers can exploit this issue by enticing an unsuspecting user to view a malicious webpage.

Successful exploits will allow attackers to obtain sensitive information like local drive letters, files, and directory names; that may aid in further attacks.

Affected

  • Microsoft Windows 8.1 and earlier
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube