CVE-2002-0976
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
24/09/2002
Last modified:
03/04/2025
Description
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
Impact
Base Score 2.0
6.40
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:* | ||
| cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page