Windows : Microsoft Bulletins : XML Core Services patch (Q318203)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.10866

Kategorie: Windows : Microsoft Bulletins

Titel: XML Core Services patch (Q318203)

Zusammenfassung: XMLHTTP Control Can Allow Access to Local Files.

Beschreibung: Summary:
XMLHTTP Control Can Allow Access to Local Files.

Vulnerability Insight:
A flaw exists in how the XMLHTTP control applies IE security zone settings to a
redirected data stream returned in response to a request for data from a web site.

A vulnerability results because an attacker could seek to exploit this flaw and
specify a data source that is on the user's local system. The attacker could then
use this to return information from the local system to the attacker's web site.

Vulnerability Impact:
Attacker can read files on client system.

Affected Software/OS:
- Microsoft XML Core Services versions 2.6, 3.0, and 4.0. An affected version of XML Core Services is also shipped as part of the following products:

- Microsoft Windows XP

- Microsoft Internet Explorer 6.0

- Microsoft SQL Server 2000 (note: versions earlier than 2.6 are not affected files affected include msxml[2-4].dll and are found in the system32 directory. This might be false positive if you have earlier version)

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2002-0057
BugTraq ID: 3699
http://www.securityfocus.com/bid/3699
Bugtraq: 20011214 MSIE6 can read local files (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
Bugtraq: 20020212 Update on the MS02-005 patch, holes still remain (Google Search)
http://marc.info/?l=bugtraq&m=101366383408821&w=2
Microsoft Security Bulletin: MS02-008
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008
http://www.osvdb.org/3032
XForce ISS Database: ie-xmlhttp-redirect(7712)
https://exchange.xforce.ibmcloud.com/vulnerabilities/7712

Copyright Copyright (C) 2002 Michael Scheidell

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.10866
Kategorie:	Windows : Microsoft Bulletins
Titel:	XML Core Services patch (Q318203)
Zusammenfassung:	XMLHTTP Control Can Allow Access to Local Files.
Beschreibung:	Summary: XMLHTTP Control Can Allow Access to Local Files. Vulnerability Insight: A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and specify a data source that is on the user's local system. The attacker could then use this to return information from the local system to the attacker's web site. Vulnerability Impact: Attacker can read files on client system. Affected Software/OS: - Microsoft XML Core Services versions 2.6, 3.0, and 4.0. An affected version of XML Core Services is also shipped as part of the following products: - Microsoft Windows XP - Microsoft Internet Explorer 6.0 - Microsoft SQL Server 2000 (note: versions earlier than 2.6 are not affected files affected include msxml[2-4].dll and are found in the system32 directory. This might be false positive if you have earlier version) Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0057 BugTraq ID: 3699 http://www.securityfocus.com/bid/3699 Bugtraq: 20011214 MSIE6 can read local files (Google Search) http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html Bugtraq: 20020212 Update on the MS02-005 patch, holes still remain (Google Search) http://marc.info/?l=bugtraq&m=101366383408821&w=2 Microsoft Security Bulletin: MS02-008 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008 http://www.osvdb.org/3032 XForce ISS Database: ie-xmlhttp-redirect(7712) https://exchange.xforce.ibmcloud.com/vulnerabilities/7712
Copyright	Copyright (C) 2002 Michael Scheidell