Vulnerabilities > CVE-2002-0057 - Unspecified vulnerability in Microsoft products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 | |
| OS | 2 |
Nessus
NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS02-005.NASL description The Cumulative Patch for IE is not applied on the remote host. Impact of vulnerability : Run code of attacker last seen 2020-06-01 modified 2020-06-02 plugin id 10861 published 2002-02-13 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10861 title MS02-005: MSIE 5.01 5.5 6.0 Cumulative Patch (890923) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS02-008.NASL description The remote host is running a version of Internet Explorer that could allow an attacker to read local files on the remote host. To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website. last seen 2020-06-01 modified 2020-06-02 plugin id 10866 published 2002-02-24 reporter This script is Copyright (C) 2002-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/10866 title MS02-008: XML Core Services patch (318203)
References
- http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
- http://www.securityfocus.com/bid/3699
- http://www.osvdb.org/3032
- http://marc.info/?l=bugtraq&m=101366383408821&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7712
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008