{"vuid":"VU#328163","idnumber":"328163","name":"Microsoft Windows XMLHTTP component allows remote access to local data sources","keywords":["Microsoft Windows","XMLHTTP component","local files","active scripting","MS02-008"],"overview":"The Microsoft XMLHTTP ActiveX control allows unauthorized reading of any known file on a system. A victim must be enticed to visit a malicious site in order to be attacked.","clean_desc":"Description (from MS02-008): Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX\ncontrol, which allows web pages rendering in the browser to send or\nreceive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web\npages so they can only use the control to request data from remote\ndata sources. A flaw exists in how the XMLHTTP control applies IE security zone\nsettings to a redirected data stream returned in response to a\nrequest for data from a web site. A vulnerability results because\nan attacker could seek to exploit this flaw and specify a data\nsource that is on the user's local system. The attacker could\nthen use this to return information from the local system to the\nattacker's web site. Preconditions (from MS02-008): - The vulnerability can only be exploited via a web site. It would not be possible to exploit this vulnerability\n   via HTML mail. - The attacker would need to know the full path and file name\n   of a file in order to read it.","impact":"A remote attacker who can entice a victim to visit a malicious web site can read any file the user can. Note this vulnerability is not believed to allow file modification (no file writing, inserting, or deleting).","resolution":"Apply the patches found in MS02-008. http://www.microsoft.com/windows/ie/downloads/critical/q317244/download.asp Microsoft has confirmed that this problem could result in some degree of security vulnerability in Microsoft XML 4.0. This problem was corrected in Microsoft XML 4.0 Service Pack 1. To download MSXML 4.0 Service Pack 1, visit the following Microsoft Web site: http://msdn.microsoft.com/downloads/default.asp?url=/downloads/sample.asp?url=/msdn-files/027/001/766/msdncompositedoc.xml MSXML can also be installed separately. MSXML is installed as a DLL in the System32 subfolder of the Windows operating system folder. On most systems, this will likely be C:\\Windows or C:\\winnt. If you have any or all of the following files in the System32 folder, you need the patch: Msxml2.dll \nMsxml3.dll \nMsxml4.dll If you have only Msxml.dll, you do not need the patch because this is an earlier, unaffected version.","workarounds":"","sysaffected":"","thanks":"","author":"This document was written by Jeffrey S. Havrilla based on information provided by Microsoft.","public":["http://www.microsoft.com/technet/security/bulletin/MS02-008.asp","http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-008.asp","http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317244","http://www.xs4all.nl/~jkuperus/bug.htm","http://www.securityfocus.com/bid/3699"],"cveids":["CVE-2002-0057"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-12-17T14:56:55Z","publicdate":"2001-12-17T00:00:00Z","datefirstpublished":"2002-10-01T13:42:57Z","dateupdated":"2002-10-02T15:38:55Z","revision":28,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"7","cam_population":"15","cam_impact":"7","cam_easeofexploitation":"12","cam_attackeraccessrequired":"20","cam_scorecurrent":"10.395","cam_scorecurrentwidelyknown":"12.7575","cam_scorecurrentwidelyknownexploited":"22.2075","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":10.395,"vulnote":null}