CVE-2002-0976

Internet Explorer 4.0+ - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0976. PoCs published by Jelmer.

AI-analyzed exploit summary This exploit leverages a vulnerability in Microsoft Internet Explorer's datasource applet to read local files via a crafted HTML page. It uses XML external entity (XXE) processing to disclose the contents of a specified local file (e.g., C:/jelmer.txt) when the page is loaded.

Description

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jelmer · htmllocalwindows
https://www.exploit-db.com/exploits/21721

This exploit leverages a vulnerability in Microsoft Internet Explorer's datasource applet to read local files via a crafted HTML page. It uses XML external entity (XXE) processing to disclose the contents of a specified local file (e.g., C:/jelmer.txt) when the page is loaded.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer (versions affected by CVE-2002-0976)
No auth needed
Prerequisites: Victim must open the malicious HTML page in a vulnerable version of Internet Explorer
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9885.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5490
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=102960731805373&w=2

Scores

EPSS 0.1430
EPSS Percentile 96.1%

Details

Status published
Products (6)
microsoft/internet_explorer 4.0
microsoft/internet_explorer 4.0.1 (2 CPE variants)
microsoft/internet_explorer 5.0
microsoft/internet_explorer 5.0.1 (3 CPE variants)
microsoft/internet_explorer 5.5 (3 CPE variants)
microsoft/internet_explorer 6.0
Published Sep 24, 2002
Tracked Since Feb 18, 2026