Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2002-0057 | First vendor Publication | 2002-03-08 |
| Vendor | Cve | Last vendor Modification | 2021-07-23 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0057 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 3 | |
| Application | 3 | |
| Os | 2 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2005-11-03 | Name : IE 5.01 5.5 6.0 Cumulative patch (890923) File : nvt/smb_nt_ms02-005.nasl |
| 2005-11-03 | Name : XML Core Services patch (Q318203) File : nvt/smb_nt_ms02-008.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3032 | Microsoft IE XMLHTTP Control Arbitrary Remote File Access Microsoft Internet Explorer contains a flaw in the way it interacts with the XML Core Services 2.6 that does not honor IE Security Zone settings. The flaw occurs because IE will blindly follow redirects on XMLHTTP requests, even if they transfer from a legitimate URL to a local file. This flaw would allow remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2002-02-24 | Name : Local files can be retrieved through the web client. File : smb_nt_ms02-008.nasl - Type : ACT_GATHER_INFO |
| 2002-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms02-005.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-02-02 01:01:55 |
|
| 2024-02-01 12:01:19 |
|
| 2023-09-05 12:01:50 |
|
| 2023-09-05 01:01:11 |
|
| 2023-09-02 12:01:51 |
|
| 2023-09-02 01:01:11 |
|
| 2023-08-12 12:02:13 |
|
| 2023-08-12 01:01:11 |
|
| 2023-08-11 12:01:55 |
|
| 2023-08-11 01:01:12 |
|
| 2023-08-06 12:01:46 |
|
| 2023-08-06 01:01:12 |
|
| 2023-08-04 12:01:50 |
|
| 2023-08-04 01:01:11 |
|
| 2023-07-14 12:01:48 |
|
| 2023-07-14 01:01:12 |
|
| 2023-03-29 01:01:47 |
|
| 2023-03-28 12:01:17 |
|
| 2022-10-11 12:01:37 |
|
| 2022-10-11 01:01:05 |
|
| 2021-07-27 00:24:38 |
|
| 2021-07-24 01:44:16 |
|
| 2021-07-24 01:01:19 |
|
| 2021-07-23 17:24:42 |
|
| 2021-05-04 12:01:36 |
|
| 2021-04-22 01:01:44 |
|
| 2020-05-23 00:14:53 |
|
| 2018-10-13 00:22:24 |
|
| 2017-10-10 09:23:23 |
|
| 2016-10-18 12:00:58 |
|
| 2016-06-28 14:58:06 |
|
| 2014-02-17 10:24:25 |
|
| 2013-05-11 12:07:57 |
|
