Computer Security
[EN] securityvulns.ru no-pyccku


Related information

  Local file access and code execution in Microsoft Internet Explorer and Netscape/Mozilla XML component

  [SA12765] Microsoft Internet Explorer Disclosure of Sensitive XML Information

  Reading local files in Netscape 6 and Mozilla (GM#001-NS)

  MSIE may download and run programs automatically - details

  More reading of local files in MSIE

From:MICROSOFT <secure_(at)_microsoft.com>
Date:24.02.2002
Subject:Security Bulletin MS02-008

- ----------------------------------------------------------------------
Title:      XMLHTTP Control Can Allow Access to Local Files
Date:       21 February 2002
Software:   Microsoft XML Core Services
Impact:     Information disclosure
Max Risk:   Critical
Bulletin:   MS02-008

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-008.asp.
- ----------------------------------------------------------------------

Issue:
======
Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX
control, which allows web pages rendering in the browser to send or
receive XML data via HTTP operations such as POST, GET, and PUT.
The control provides security measures designed to restrict web
pages so they can only use the control to request data from remote
data sources.

A flaw exists in how the XMLHTTP control applies IE security zone
settings to a redirected data stream returned in response to a
request for data from a web site. A vulnerability results because
an attacker could seek to exploit this flaw and specify a data
source that is on the user's local system. The attacker could
then use this to return information from the local system to the
attacker's web site.

An attacker would have to entice the user to a site under his
control to exploit this vulnerability. It cannot be exploited
by HTML email. In addition, the attacker would have to know the
full path and file name of any file he would attempt to read.
Finally, this vulnerability does not give an attacker any
ability to add, change or delete data.

Mitigating Factors:
====================
- The vulnerability can only be exploited via a web site.
  It would not be possible to exploit this vulnerability
  via HTML mail.

- The attacker would need to know the full path and file name
  of a file in order to read it.

- The vulnerability does not provide any ability to add,
  change, or delete files.

Risk Rating:
============
- Internet systems: Moderate
- Intranet systems: Moderate
- Client systems: Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-008.asp
  for information on obtaining this patch.

- ---------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS
ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL,
LOSS OF
BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR
ITS
SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME
STATES DO
NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL
OR
INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod