XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote malicious users to read arbitrary files by specifying a local file as an XML Data Source.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft sql server 2000 |
||
microsoft internet explorer 6.0 |
||
microsoft xml core services 3.0 |
||
microsoft xml core services 4.0 |
||
microsoft xml core services 2.6 |
||
microsoft windows xp |