{"vuid":"VU#539289","idnumber":"539289","name":"Microsoft XMLDOM ActiveX control information disclosure vulnerability","keywords":["Microsoft","XMLDOM","Microsoft.XMLDOM","info leak","local file presence"],"overview":"The Microsoft XMLDOM ActiveX control can be used to check for the presence of multiple resources, which can result in unintended information disclosure.","clean_desc":"Microsoft.XMLDOM is an ActiveX control that can run in Internet Explorer without requiring any prompting to the user. This object contains methods that can leak information about a computer system to the operator of a website. By looking at error codes provided by the XMLDOM ActiveX control, an attacker can check for the presence of local drive letters, directory names, files, as well as internal network addresses or websites. We have confirmed that this issue affects Internet Explorer versions 6 through 11 running on Microsoft Windows through version 8.1. This vulnerability is actively being used by exploit code in the wild.","impact":"By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to test for the presence of computer resources that would otherwise be restricted.","resolution":"We are currently unaware of a practical solution to this problem.","workarounds":"","sysaffected":"","thanks":"This vulnerability was publicly reported by Soroush Dalili.","author":"This document was written by Will Dormann.","public":["http://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/","http://msdn.microsoft.com/en-us/library/aa468547.aspx","http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html","http://msdn.microsoft.com/en-us/magazine/ee335713.aspx"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2014-02-17T23:54:15Z","publicdate":"2013-04-25T00:00:00Z","datefirstpublished":"2014-02-18T00:18:04Z","dateupdated":"2014-02-18T15:36:29Z","revision":7,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"P","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"ND","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.4","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:N/A:P","cvss_temporalscore":"6.4","cvss_environmentalscore":"6.42291951","cvss_environmentalvector":"CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}