First published: Wed Feb 26 2014(Updated: )
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Explorer | =6 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Internet Explorer | =7 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft Windows Vista | =sp2 | |
Microsoft Internet Explorer | =8 | |
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Internet Explorer | =9 | |
Microsoft Internet Explorer | =10 | |
Microsoft Windows 8 | ||
Microsoft Windows Rt | ||
Microsoft Windows Server 2012 | ||
Microsoft Internet Explorer | =11 | |
Microsoft Windows 8.1 | ||
Microsoft Windows RT 8.1 | ||
Microsoft Windows Server 2012 | =r2 | |
Microsoft Internet Explorer | ||
All of | ||
Microsoft Internet Explorer | =6 | |
Microsoft Windows Server 2003 | =sp2 | |
All of | ||
Microsoft Internet Explorer | =7 | |
Any of | ||
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft Windows Vista | =sp2 | |
All of | ||
Microsoft Internet Explorer | =8 | |
Any of | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server 2003 | =sp2 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Vista | =sp2 | |
All of | ||
Microsoft Internet Explorer | =9 | |
Any of | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows Server 2008 | =sp2 | |
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Vista | =sp2 | |
All of | ||
Microsoft Internet Explorer | =10 | |
Any of | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 8 | ||
Microsoft Windows Rt | ||
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2012 | ||
Microsoft Windows Vista | =sp2 | |
All of | ||
Microsoft Internet Explorer | =11 | |
Any of | ||
Microsoft Windows 7 | =sp1 | |
Microsoft Windows 8.1 | ||
Microsoft Windows RT 8.1 | ||
Microsoft Windows Server 2008 | =r2-sp1 | |
Microsoft Windows Server 2012 | =r2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.