Vulnerability Name:

CVE-2002-0052 (CCN-8252)

Assigned: 2002-02-21
Published: 2002-02-21
Updated: 2021-07-23
Summary: Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): None
Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Vulnerability Type: CWE-Other
Vulnerability Consequences: Obtain Information
References:
Source: MITRE
Type: CNA
CVE-2002-0052

Source: CCN
Type: SECTRACK ID: 1003630
Microsoft Internet Explorer Has Another Frame Domain Security Bug That Lets Remote Users View Files or Other Personal Information from a Victim's Computer By Using Malicious VBScripts

Source: SECTRACK
Type: UNKNOWN
1003630

Source: CCN
Type: Microsoft Product Support Services
List of Fixes in Microsoft Internet Explorer 6 SP1

Source: CCN
Type: IVY Hungary Ltd. Press Release 2002. February 22.
Internet Explorer: Gates open to hacker attacks

Source: CCN
Type: CIAC Information Bulletin M-045
Microsoft Incorrect VBScript Handling in IE

Source: CCN
Type: US-CERT VU#462451
Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling

Source: CCN
Type: Microsoft Security Bulletin MS02-009
Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files

Source: OSVDB
Type: UNKNOWN
763

Source: CCN
Type: OSVDB ID: 763
Microsoft IE VBScript Mis-Handling Arbitrary File Access

Source: BID
Type: UNKNOWN
4158

Source: CCN
Type: BID-4158
Microsoft VBScript Same Origin Policy Violation Vulnerability

Source: MS
Type: UNKNOWN
MS02-009

Source: XF
Type: UNKNOWN
ie-vbscript-view-files(8252)

Source: CCN
Type: Microsoft Knowledge Base Article 328548
How to Obtain the Latest Service Pack for Internet Explorer 6

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.5:-:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    microsoft internet explorer 5.5
    microsoft internet explorer 5.5 sp1
    microsoft internet explorer 5.0.1 sp2
    microsoft internet explorer 5.01
    microsoft internet explorer 5.0.1 sp1
    microsoft internet explorer 5.5 sp2
    microsoft internet explorer 6.0
    microsoft ie 5.01
    microsoft ie 5.5
    microsoft ie 6.0