oval:org.mitre.oval:def:1207

Definition Id: oval:org.mitre.oval:def:1207

Oval ID:	oval:org.mitre.oval:def:1207
Title:	IE6,SP1 File Disclosure via Redirects Vulnerability
Description:	The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2002-0648	Version:	4
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Software section Internet Explorer 6 Service Pack 1 is installed AND the version of mshtml.dll is less than 6.0.2800.1505 or 6.0.2800.1506 the version of mshtml.dll is less than 6.0.2800.1505 (RTMGDR) AND the version of mshtml.dll is less than 6.0.2800.1506 (RTMQFE) AND NOT the patch kb883939 is installed AND Configuration section ActiveX controls and active scripting are enabled current user settings are being used and ActiveX controls and active scripting are enabled NOT use machine settings rather than individual user settings AND ActiveX controls are enabled for the current user AND active scripting is enabled for the current user OR local machine settings are being used and ActiveX controls and active scripting are enabled use machine settings rather than individual user settings AND ActiveX controls are enabled for the local machine AND active scripting is enabled for the local machine