Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Source: Adobe Systems Incorporated
Max CVSS
5.0
EPSS Score
1.18%
Published
2014-12-10
Updated
2014-12-12
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8448.
Source: Adobe Systems Incorporated
Max CVSS
5.0
EPSS Score
6.40%
Published
2014-12-10
Updated
2014-12-12
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
Source: Adobe Systems Incorporated
Max CVSS
5.0
EPSS Score
6.40%
Published
2014-12-10
Updated
2014-12-12
The Graphics Component in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly process JPEG images, which makes it easier for remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Graphics Component Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
5.0
EPSS Score
1.69%
Published
2014-12-11
Updated
2019-02-26
Microsoft Internet Explorer 8 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
22.18%
Published
2014-11-11
Updated
2018-10-12
Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
22.18%
Published
2014-11-11
Updated
2018-10-12
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
22.18%
Published
2014-11-11
Updated
2018-10-12
Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and 3.0, when a configured SAML Relying Party lacks a sign-out endpoint, does not properly process logoff actions, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
5.0
EPSS Score
0.42%
Published
2014-11-11
Updated
2018-10-12
Microsoft Internet Explorer 7 through 11 allows remote attackers to obtain sensitive clipboard information via a crafted web site, aka "Internet Explorer Clipboard Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
22.18%
Published
2014-11-11
Updated
2018-10-12
Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync XSS Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
2.69%
Published
2014-09-10
Updated
2018-10-12
Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote attackers to obtain sensitive token information via a web site that sends a crafted response during opening of an Office document, aka "Token Reuse Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
1.23%
Published
2014-05-14
Updated
2018-10-30
Microsoft Internet Explorer 10 and 11 allows remote attackers to read local files on the client via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
22.18%
Published
2014-06-11
Updated
2018-10-12
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (system hang) via a crafted application, aka "Win32k Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
6.6
EPSS Score
0.05%
Published
2014-03-12
Updated
2019-05-13
Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
4.3
EPSS Score
1.66%
Published
2014-02-12
Updated
2018-10-12
The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow remote attackers to bypass the Same Origin Policy via a web page that is visited in Internet Explorer, aka "MSXML Information Disclosure Vulnerability."
Source: Microsoft Corporation
Max CVSS
7.1
EPSS Score
96.52%
Published
2014-02-12
Updated
2019-05-13

CVE-2013-7331

Known exploited
Public exploit
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
Source: MITRE
Max CVSS
4.3
EPSS Score
53.72%
Published
2014-02-26
Updated
2019-05-14
CISA KEV Added
2022-05-25
16 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!