CVE-2013-7331

Name of the Vulnerable Software and Affected Versions Internet Explorer versions prior to the fixed version Microsoft.XMLDOM ActiveX control in Microsoft Windows versions prior to 8.1

Description The issue allows attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes. This can be demonstrated by a res:// URL. The vulnerability could allow an attacker to detect anti-malware applications in use on a target and use the information to avoid detection. It has been exploited in the wild.

Recommendations For Internet Explorer, update to a version that includes the fix for this issue. For Microsoft Windows 8.1 and earlier, update to a version that includes the fix for this issue or apply relevant security patches. As a temporary workaround, consider restricting access to the Microsoft.XMLDOM ActiveX control until a patch is available. Avoid using the res:// URL in the affected API endpoint until the issue is resolved.