CVE-2002-0648
CVE-2002-0648
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/21749unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=bugtraq&m=103011639524314&w=2https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776http://www.iss.net/security_center/static/9936.phphttp://www.securityfocus.com/bid/5560