CVE-2002-0648
published 2002-09-24


Priority: P4 (28)
Severity: medium, score 5 (CVSS 2.0)
Vector: AV:N / AC:L / Au:N / C:P / I:N / A:N
Exploit: available
EPSS: 48.44% (98.7th percentile)
The legacy data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.

Affected (3 ranges)

Vendor     Product            Version range   Fixed in
microsoft  internet_explorer  (not listed)    (not listed)
microsoft  internet_explorer  (not listed)    (not listed)
microsoft  internet_explorer  (not listed)    (not listed)

Detection & IOCs (extracted from sources)

  • Exploitation occurs via a malicious webpage or malicious HTML e-mail using IE's legacy XML data-island feature, where a 'src' attribute redirects to a local file path to disclose its contents
  • Other attack surfaces beyond the browser include Outlook and MSN Explorer (any application embedding the IE engine); monitor these for suspicious XML data-island usage
  • Detect exploitation attempts by looking for XML data-island elements whose 'src' attribute redirects to a local file URI (file://) within HTML content delivered from remote origins
  • Proof-of-concept exploit uses XMLDocument.parseError.srcText to exfiltrate partial file contents line-by-line; monitor for JavaScript patterns accessing XMLDocument.parseError.srcText or XMLDocument.xml in conjunction with local file src attributes
  • Affected versions are Internet Explorer 5.01, 5.5, and 6.0 only; the legacy XML data-island capability is the specific feature being abused
  • For non-XML files, only partial/fragment disclosure is possible (e.g., a single line via parseError.srcText), not full file contents