Vulnerability Description
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 6.0 |
| Microsoft | Sql Server | 2000 |
| Microsoft | Xml Core Services | 2.6 |
| Microsoft | Windows Xp | All versions |
References
- http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.htmlVendor Advisory
- http://marc.info/?l=bugtraq&m=101366383408821&w=2
- http://www.osvdb.org/3032
- http://www.securityfocus.com/bid/3699
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7712
- http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.htmlVendor Advisory
- http://marc.info/?l=bugtraq&m=101366383408821&w=2
- http://www.osvdb.org/3032
- http://www.securityfocus.com/bid/3699
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7712
FAQ
What is CVE-2002-0057?
CVE-2002-0057 is a vulnerability with a CVSS score of 5.0 (MEDIUM). XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an ...
How severe is CVE-2002-0057?
CVE-2002-0057 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0057?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer, Microsoft Sql Server, Microsoft Xml Core Services, Microsoft Windows Xp.