Moderate

CVE-2002-0057 - Unspecified vulnerability in Microsoft Internet Explorer/SQL Server/Windows XP/XML Core Services

Publication: 2002-03-08
Summary

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

Risk level (CVSS 5)

Moderate

5.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Microsoft XML Core Services 2.6
  • Microsoft XML Core Services 3.0
  • Microsoft XML Core Services 4.0
  • Microsoft Internet Explorer 6.0
  • Microsoft SQL Server 2000
  • Microsoft SQL Server 2000
  • Microsoft SQL Server 2000
  • Microsoft Windows XP
  • Microsoft Windows XP