Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0976Microsoft Internet Explorer vulnerability

3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
55.0%
top 1.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedSep 24
Latest updateApr 30

Description

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer6 versions+5

🔴Vulnerability Details

1
GHSA
GHSA-2h6x-rf29-p2gv: Internet Explorer 42022-04-30

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 4/5/6 - XML Datasource Applet File Disclosure2002-08-17
CVE-2002-0976 — Microsoft vulnerability | cvebase