Vulnerabilities > CVE-2002-0052 - Unspecified vulnerability in Microsoft Internet Explorer

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

microsoft

nessus

NVD

Published: 2002-03-08

Updated: 2021-07-23

Summary

Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.0	7

Nessus

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS02-009.NASL
description	The remote host is running a version of Internet Explorer that may allow an attacker to read local files on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website.
last seen	2020-06-01
modified	2020-06-02
plugin id	10926
published	2002-03-27
reporter	This script is Copyright (C) 2002-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/10926
title	MS02-009: IE VBScript Handling patch (318089)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(10926); script_version("1.40"); script_cvs_date("Date: 2018/11/15 20:50:29"); script_cve_id("CVE-2002-0052"); script_bugtraq_id(4158); script_xref(name:"MSFT", value:"MS02-009"); script_xref(name:"MSKB", value:"318089"); script_name(english:"MS02-009: IE VBScript Handling patch (318089)"); script_summary(english:"Determines whether the IE VBScript Handling patch (Q318089) is installed"); script_set_attribute(attribute:"synopsis", value:"Local files can be retrieved through the web client."); script_set_attribute(attribute:"description", value: "The remote host is running a version of Internet Explorer that may allow an attacker to read local files on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website."); script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-009"); script_set_attribute(attribute:"solution", value: "Microsoft has released a set of patches for the Windows NT, 2000 and XP."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2002/02/21"); script_set_attribute(attribute:"patch_publication_date", value:"2002/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2002/03/27"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows"); script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2002-2018 Tenable Network Security, Inc."); script_family(english:"Windows : Microsoft Bulletins"); script_dependencies("smb_hotfixes.nasl"); script_require_keys("SMB/Registry/Enumerated"); script_require_ports(139, 445); script_exclude_keys("SMB/WinXP/ServicePack"); exit(0); } # deprecated -> too old flaw -> FP exit (0);

Summary

Vulnerable Configurations

Nessus

References