CVE-2002-0057

3 documents3 sources
Severity
5.0MEDIUM
EPSS
41.8%
top 2.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft Internet ExplorerMicrosoft SQL ServerMicrosoft XML Core Services
Timeline
PublishedMar 8
Latest updateApr 30

Description

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

NVDmicrosoft/xml_core_services2.6, 3.0, 4.0+2

🔴Vulnerability Details

2
GHSA
GHSA-vwh5-j6cw-v82h: XMLHTTP control in Microsoft XML Core Services 22022-04-30
CVEList
CVE-2002-0057: XMLHTTP control in Microsoft XML Core Services 22002-06-25
CVE-2002-0057 (MEDIUM CVSS 5) | XMLHTTP control in Microsoft XML Co | cvebase.io