← Back

CVE-2002-0057

nvd nist
Published: Mar 8, 2002Modified: Apr 16, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

Affected (9)

Microsoft
4 products
Internet Explorer
Sql Server
Xml Core Services
Windows Xp
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 6.0
Microsoft
Sql Server
Version 2000
Sql Server
Version 2000 sp1
Sql Server
Version 2000 sp2
Microsoft
Xml Core Services
Version 2.6
Xml Core Services
Version 3.0
Xml Core Services
Version 4.0
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Microsoft
Windows Xp
All versions
Windows Xp
All versions

References (12)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.