Both the vulnerabilities have been classified as under :
1. Information disclosure vulnerability ( CVE-2013-7331 )
This vulnerability exists because the XMLDOM ActiveX control containing methods that can leak information about a computer system to the operator of a website. A remote attacker could exploit this vulnerability to obtain sensitive information like local drive letters, files, and directory names by enticing a user to visit a specially crafted webpage and by examining the error codes generated.
Cert-in has said that this vulnerability is being exploited in the wild, but CXSecurity says that this may lead to only marginal exploitation.
2. Denial of service Vulnerability ( CVE-2013-7332 )
This vulnerability exist due to improper detection of recursion during entity expansion. A remote attacker could exploit this vulnerability by convincing a user to visit a crafted XML document containing a large number of nested entity references to cause memory and CPU consumption resulting in denial of service conditions (DoS) . The machine then can be turned into a ‘Zombie Computer’ to launch a Denial of Service (DoS) attack on the wild or a dedicated Distributed Denial of Service (DDoS) attack.
As of now, Microsoft has not issued any fix/patch for this vulnerabilities but there is a workaround available if you want to safeguard your computer. You have to set the Internet and Local intranet security zone settings in the Internet Explorer settings to “High”. This will then disable both XMLDOM ActiveX Controls and Active Scripting in your Internet Explorer and the scripts cant be executed.