HTTP: Internet Explorer XML Disclosure
This signature detects attempts to exploit a known vulnerability in Internet Explorer. Internet Explorer 5.01, 5.5, and 6.0 are vulnerable. Because IE does not properly validate the source parameter of XML SCRIPT data-island, attackers can use a malicious script to view arbitrary XML files on a local machine.
Extended Description
A flaw in Microsoft Internet Explorer may reveal the entire contents of XML files and partial contents of other files to attackers. This vulnerability allows an attacker to read the entire contents of XML files, and fragments of other files, existing in a known location, from a victim user's system. This vulnerability can be exploited via a malicious webpage or via malicious HTML e-mail. Other applications that use the Internet Explorer engine are affected as well (Outlook, MSN Explorer, etc.).
Affected Products
Microsoft internet_explorer
Short Name
HTTP:STC:IE:XML-DISCLOSE
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2002-0648 Disclosure Explorer Internet XML bid:13943 bid:5560
Release Date
01/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
5.0