CVE-2002-0648
Published 2002-09-24
Priority: P4 · 28 · medium · 5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 48.44% (98.7th percentile)
The legacy data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
Detection & IOCs (extracted from sources)
- Exploitation occurs via a malicious webpage or malicious HTML e-mail using IE's legacy XML data-island feature, where a 'src' attribute redirects to a local file path to disclose its contents.
- Other attack surfaces beyond the browser include Outlook and MSN Explorer (any application embedding the IE engine); monitor these for suspicious XML data-island usage.
- Detect exploitation attempts by looking for XML data-island elements whose 'src' attribute redirects to a local file URI (file://) within HTML content delivered from remote origins.
- Proof-of-concept exploit uses XMLDocument.parseError.srcText to exfiltrate partial file contents line-by-line; monitor for JavaScript patterns accessing XMLDocument.parseError.srcText or XMLDocument.xml in conjunction with local file src attributes.
- Affected versions are Internet Explorer 5.01, 5.5, and 6.0 only; the legacy XML data-island capability is the specific feature being abused.
- For non-XML files, only partial/fragment disclosure is possible (e.g., a single line via parseError.srcText), not full file contents.
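One way to turn the indicators above into a static check over captured HTML (web content or HTML e-mail bodies), as an added example that is not from the sources this page indexes: it flags `<xml src=...>` data islands, local `src` targets, and script reads of `XMLDocument.parseError.srcText` or `XMLDocument.xml`. The function names, finding labels and sample documents are constructed for illustration; on the assumption that the redirect shows up as an HTTP `Location` value, `is_local_target` can be applied to those values from proxy logs as well.

```python
import re
from html.parser import HTMLParser

# Script reads named on this page: the island's parse-error text or parsed XML.
SCRIPT_READ = re.compile(r"\.XMLDocument\s*\.\s*(parseError\s*\.\s*srcText|xml)\b", re.I)
# Constructed sample documents (not taken from any real page or advisory).
SAMPLE_SUSPICIOUS = ('<html><body><xml id="island" src="http://remote.example/data"></xml>'
                     '<script>var t = island.XMLDocument.parseError.srcText;</script></body></html>')
SAMPLE_BENIGN = '<html><body><xml id="d"><items><i>1</i></items></xml><script>var n = 1;</script></body></html>'

class IslandScanner(HTMLParser):
    # Collects src values of <xml> data islands and the text of inline scripts.
    def __init__(self):
        super().__init__()
        self.island_srcs, self.script_text, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "xml":
            src = dict(attrs).get("src")
            if src:
                self.island_srcs.append(src.strip())
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def is_local_target(url):
    """True for file: URLs, UNC paths and drive-letter paths."""
    u = url.strip()
    return u.lower().startswith("file:") or u.startswith("\\\\") or bool(re.match(r"[A-Za-z]:[\\/]", u))

def scan_html(html):
    """Return sorted finding labels (labels are this example's own) for one HTML document."""
    p = IslandScanner()
    p.feed(html)
    p.close()
    findings = set()
    if p.island_srcs:
        findings.add("data-island-with-src")
    if any(is_local_target(s) for s in p.island_srcs):
        findings.add("data-island-src-local")
    if p.island_srcs and SCRIPT_READ.search("".join(p.script_text)):
        findings.add("script-reads-island-content")
    return sorted(findings)
```

A data island with an external `src` is legitimate on its own; the combination with a script read of the island's content is what merits triage.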
References
- http://marc.info/?l=bugtraq&m=103011639524314&w=2
- http://www.iss.net/security_center/static/9936.php
- http://www.securityfocus.com/bid/5560
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776