| Vulnerability Name: | CVE-2002-0057 (CCN-7712) | ||||||||
| Assigned: | 2001-12-15 | ||||||||
| Published: | 2001-12-15 | ||||||||
| Updated: | 2021-07-23 | ||||||||
| Summary: | XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: BUGTRAQ Type: Vendor Advisory 20011214 MSIE6 can read local files Source: CCN Type: BugTraq Mailing List, Fri Dec 14 2001 - 20:20:49 CST MSIE6 can read local files Source: MITRE Type: CNA CVE-2002-0057 Source: BUGTRAQ Type: UNKNOWN 20020212 Update on the MS02-005 patch, holes still remain Source: CCN Type: CIAC Information Bulletin M-051 Microsoft XMLHTTP Control Vulnerability Source: CCN Type: US-CERT VU#328163 Microsoft Windows XMLHTTP component allows remote access to local data sources Source: CCN Type: Microsoft Security Bulletin MS02-008 XMLHTTP Control Can Allow Access to Local Files Source: CCN Type: NTBugTraq Mailing List, Thu, 21 Feb 2002 21:12:06 -0500 Alert: Release of MS02-008 Security Bulletin - MSXML Source: OSVDB Type: UNKNOWN 3032 Source: CCN Type: OSVDB ID: 3032 Microsoft IE XMLHTTP Control Arbitrary Remote File Access Source: BID Type: UNKNOWN 3699 Source: CCN Type: BID-3699 Microsoft Internet Explorer XMLHTTP File Disclosure Vulnerability Source: MS Type: UNKNOWN MS02-008 Source: XF Type: UNKNOWN ie-xmlhttp-redirect(7712) Source: XF Type: UNKNOWN ie-xmlhttp-redirect(7712) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||