CVE-2002-0976

Internet Explorer 4.0+ - Info Disclosure

Title source: llm

Description

Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jelmer · htmllocalwindows

https://www.exploit-db.com/exploits/21721

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://www.iss.net/security_center/static/9885.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/5490

[Mailing List] http://marc.info/?l=bugtraq&m=102960731805373&w=2

Scores

EPSS 0.5500

EPSS Percentile 98.1%

Details

Status published

Products (6)

microsoft/internet_explorer 4.0

microsoft/internet_explorer 4.0.1 (2 CPE variants)

microsoft/internet_explorer 5.0

microsoft/internet_explorer 5.0.1 (3 CPE variants)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

Published Sep 24, 2002

Tracked Since Feb 18, 2026