CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2013-7332

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.139

EPSS Ranking 94.1%

CVSS Severity

CVSS v2 Score 5.0

References

https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/
https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/

Products affected by CVE-2013-7332

Microsoft » Windows 8.1 » Version: N/A

cpe:2.3:o:microsoft:windows_8.1:-
Microsoft » Windows 8.1 » Version: 6.3.9600.20520

cpe:2.3:o:microsoft:windows_8.1:6.3.9600.20520
Microsoft » Windows 8 » Version: N/A

cpe:2.3:o:microsoft:windows_8:-
Microsoft » Windows 8 » Version: consumer_preview

cpe:2.3:o:microsoft:windows_8:consumer_preview

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-7332

Products

Pricing

Contact Us