Vulnerabilities > CVE-2002-0976 - Unspecified vulnerability in Microsoft Internet Explorer

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

microsoft

exploit available

NVD

Published: 2002-09-24

Updated: 2021-07-23

Summary

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.0.1 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 4.0 Microsoft Internet Explorer 4.0.1 Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 6.0	11

Exploit-Db

description	Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability. CVE-2002-0976. Local exploit for windows platform
id	EDB-ID:21721
last seen	2016-02-02
modified	2002-08-17
published	2002-08-17
reporter	Jelmer
source	https://www.exploit-db.com/download/21721/
title	Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References