Vulnerabilities > CVE-2013-7332 - Resource Management Errors vulnerability in Microsoft Windows 8 and Windows 8.1

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

microsoft

CWE-399

NVD

Published: 2014-02-26

Updated: 2019-05-14

Summary

The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 8 * Microsoft Windows 8.1 *	2

Common Weakness Enumeration (CWE)

CWE-399 - Resource Management Errors

References

https://soroush.secproject.com/blog/2013/04/microsoft-xmldom-in-ie-can-divulge-information-of-local-drivenetwork-in-error-messages/