CVE-2002-0648

Microsoft Internet Explorer <6.0 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0648. PoCs published by GreyMagic Software.

AI-analyzed exploit summary This exploit leverages a flaw in Microsoft Internet Explorer to read the contents of XML files and partial contents of other files from a known location on a victim's system. It uses a script tag with an XML source and JavaScript to parse and display the file contents or error details.

Description

The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GreyMagic Software · textremotewindows

https://www.exploit-db.com/exploits/21749

View Code ZIP pw:eip

This exploit leverages a flaw in Microsoft Internet Explorer to read the contents of XML files and partial contents of other files from a known location on a victim's system. It uses a script tag with an XML source and JavaScript to parse and display the file contents or error details.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected by CVE-2002-0648)

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML email · Known file path on the victim's system

MITRE ATT&CK