Executive Summary
Informations | |||
---|---|---|---|
Name | MS02-008 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
XMLHTTP Control Can Allow Access to Local Files |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 | |
Application | 3 | |
Os | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2005-11-03 | Name : XML Core Services patch (Q318203) File : nvt/smb_nt_ms02-008.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
3032 | Microsoft IE XMLHTTP Control Arbitrary Remote File Access Microsoft Internet Explorer contains a flaw in the way it interacts with the XML Core Services 2.6 that does not honor IE Security Zone settings. The flaw occurs because IE will blindly follow redirects on XMLHTTP requests, even if they transfer from a legitimate URL to a local file. This flaw would allow remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2002-02-24 | Name : Local files can be retrieved through the web client. File : smb_nt_ms02-008.nasl - Type : ACT_GATHER_INFO |
2002-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:44:38 |
|