- Quick specs
- Price: Free
- Operating system: Windows 2000/NT
- Date added: March 01, 2002
- Total Downloads: 38,130
- Downloads last week: 6
- See full specifications
- Average user rating: stars out of 7 votes
See all user reviews
Publisher's description
From Microsoft :Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web pages so they can only use the control to request data from remote data sources.
A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and specify a data source that is on the user's local system. The attacker could then use this to return information from the local system to the attacker's web site. An attacker would have to entice the user to a site under his control to exploit this vulnerability. It cannot be exploited by HTML email. In addition, the attacker would have to know the full path and file name of any file he would attempt to read. Finally, this vulnerability does not give an attacker any ability to add, change or delete data.
More popular Corporate Security Software downloads
- 2,215 downloads 1. Folder Guard
- 1,078 downloads 2. L0phtCrack
- 695 downloads 3. McAfee Total Protection for Small Business
- 651 downloads 4. Spyware Doctor Enterprise Free Edition
- 646 downloads 5. Wireshark
- See all Corporate Security Software downloads
User reviews
- Average user rating: 1.0 stars out of 7 votes
- My rating: 0 stars Write review
-
Showing 5 of 5 user reviewsSee all 5 user reviews
This software version | All versions -
Version: Microsoft XML 2.0 Core Services Vulnerability Patch MS02-008
"unable to download this fix after 5 attempts"
Summary: hope i don't really need this "fix", because i never could get it to open after i downloaded it...kept getting error messages...why put these out, if we can't use them?
-
Version: Microsoft XML 2.0 Core Services Vulnerability Patch MS02-008
Summary: Have tried to install this security update 4 times and it will not install.
-
Version: Microsoft XML 2.0 Core Services Vulnerability Patch MS02-008
Summary: I'.ve tried to download this program on 4 different systems and the download fails everytime. My systems are great!!! Not a problem on my computers.
-
Version: Microsoft XML 2.0 Core Services Vulnerability Patch MS02-008
"implementation of security patch for version msxml 4.0 does not work"
Summary: Application of patch 3.0 works fine.
Appliation of patch 4.0 does not work. And Windows update keeps saying that the patch still needs to be applied.
Catch 22 problem -
Version: Microsoft XML 2.0 Core Services Vulnerability Patch MS02-008
"Does NOT let me install program. Piece of crap...."
Pros: Nothing. Absolutely nothing
Cons: Again, absolutely nothing
Summary: Keeps telling me to install it, patch just won't take.
- See all 5 user reviews Write review
Submit your review
- See more CNET content tagged:
- Microsoft Corp.,
- attacker,
- control,
- data source,
- vulnerability
