VDB
CVE-2002-0057
CVE-2002-0057
PUBLISHED
CVSS 5 MEDIUM
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
EPSS 41.76% · 97.5th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
41.76%
97.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| microsoft | internet_explorer | 6.0 |
| n/a | n/a | * |
| microsoft | windows_xp | |
| microsoft | xml_core_services | 3.0, 2.6, 4.0 |
| microsoft | sql_server | 2000, 2000, 2000 |
Timeline
- Mar 8, 2002 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 27, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 26, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 3699 vdb
- ie-xmlhttp-redirect(7712) vdb
- 20011214 MSIE6 can read local files mailing-list
- MS02-008 vendor-advisory
- 3032 vdb
- 20020212 Update on the MS02-005 patch, holes still remain mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2002-0057 advisory