Vulnerability in Microsoft XML Core Services Leading to File Access
CVE-2002-0057

Currently unrated

Key Information:

Vendor: Microsoft
Status: Sql Server; Xml Core Services; Internet Explorer
Vendor: CVE Published:; 8 March 2002

Summary

The vulnerability in Microsoft XML Core Services stems from the XMLHTTP control's inadequate handling of Internet Explorer Security Zone settings. This flaw enables remote attackers to exploit the functionality by designating a local file as an XML Data Source, which permits unauthorized access to arbitrary files on the affected system. This concern emphasizes the importance of robust security practices and proper configuration of web applications to mitigate such risks.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/7712

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/3699

vdb-entryx_refsource_BID

http://archives.neohapsis.com/archives/bugtraq/2001-12/01...

mailing-listx_refsource_BUGTRAQ

EPSS Score

28% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Mar 8, 2002
Vulnerability Reserved
Feb 2, 2002