Vulnerability Description
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Explorer | 4.0 |
References
- http://marc.info/?l=bugtraq&m=102960731805373&w=2
- http://www.iss.net/security_center/static/9885.php
- http://www.securityfocus.com/bid/5490
- http://marc.info/?l=bugtraq&m=102960731805373&w=2
- http://www.iss.net/security_center/static/9885.php
- http://www.securityfocus.com/bid/5490
FAQ
What is CVE-2002-0976?
CVE-2002-0976 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to p...
How severe is CVE-2002-0976?
CVE-2002-0976 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0976?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Explorer.