CVE-2002-0976
published 2002-09-24

CVE-2002-0976: Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet…

Priority: P4 · 21 · medium · 6.4 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 14.30% (96.2th percentile)
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

Affected

6 ranges
Vendor | Product | Version range | Fixed in
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |
microsoft | internet_explorer | |

Detection & IOCs (extracted from sources)

other: com.ms.xml.dso.XMLDSO.class
command: xmldso.getDocument()
  • Look for web pages that instantiate the com.ms.xml.dso.XMLDSO.class applet with a codebase pointing to the local system (e.g., codebase="file:///" or codebase pointing to local paths), indicating an attempt to abuse trusted local context for file disclosure.
  • Monitor for JavaScript calls to xmldso.getDocument() on pages loaded from remote origins, which is the mechanism used to extract local file contents via the XML Datasource applet.
  • The vulnerability affects Internet Explorer 4.0 and later; the XML Datasource applet (com.ms.xml.dso.XMLDSO.class) must be present and enabled in the browser for exploitation to succeed.
  • Exploitation relies on the applet trusting the local system when the codebase is redirected; the attacker must know the path of the target file in advance.
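
The two detection points above can be checked statically over archived or proxied HTML. The scanner below is an added example, not code from this page or its sources; the rule names, the definition of a "local" codebase (file: URL, drive-letter path or UNC path) and both sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

APPLET_CLASS = "com.ms.xml.dso.xmldso"  # class named in the advisory, lowercased
# Assumption: "local" = file: URL, drive-letter path or UNC path.
LOCAL_CODEBASE = re.compile(r"^\s*(file:|[a-z]:[\\/]|\\\\)", re.I)
GETDOC_CALL = re.compile(r"\.getDocument\s*\(")

class XmlDsoScanner(HTMLParser):
    """Collects the two indicators listed above from one HTML document."""
    def __init__(self):
        super().__init__()
        self.applets = []      # (rule, line) per XMLDSO <applet> tag
        self.script_hits = []  # lines whose script text calls getDocument()
        self.in_script = False

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.in_script = True
        elif tag == "applet" and APPLET_CLASS in attr.get("code", "").lower():
            local = LOCAL_CODEBASE.match(attr.get("codebase", ""))
            rule = "xmldso-local-codebase" if local else "xmldso-applet"
            self.applets.append((rule, self.getpos()[0]))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script and GETDOC_CALL.search(data):
            self.script_hits.append(self.getpos()[0])

def scan_html(html):
    """Return (rule, line) findings; getDocument() counts only beside the applet."""
    s = XmlDsoScanner()
    s.feed(html)
    s.close()
    calls = [("xmldso-getdocument-call", n) for n in s.script_hits] if s.applets else []
    return s.applets + calls

# Constructed samples, not captured traffic.
SAMPLE_FLAGGED = (
    '<applet code="com.ms.xml.dso.XMLDSO.class" codebase="file:///" name="xmldso">'
    '</applet>\n<script>var doc = xmldso.getDocument();</script>\n'
)
SAMPLE_BENIGN = (
    '<applet code="Clock.class" codebase="/applets/"></applet>\n'
    '<script>var doc = viewer.getDocument();</script>\n'
)
```

Calling scan_html(SAMPLE_FLAGGED) reports both indicators, while SAMPLE_BENIGN yields nothing because getDocument() is only reported when the XMLDSO applet is on the same page.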