Описание
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:sql_server:2000:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:2.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
EPSS
Процентиль: 97%
0.41761
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
EPSS
Процентиль: 97%
0.41761
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other