Version: 2008
advertisement
Click Here

Microsoft XML 3.0 Core Services Vulnerability Patch MS02-008

  • Quick specs
  • Price: Free
  • Operating system: Windows 2000/NT
  • Date added: March 01, 2002
  • Total Downloads: 61,803
  • Downloads last week: 11
  • See full specifications
Add to my list Add to my Watch List
Download Now (550.84K)
Tested spyware free

Publisher's description

From Microsoft :

Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web pages so they can only use the control to request data from remote data sources.

A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and specify a data source that is on the user's local system. The attacker could then use this to return information from the local system to the attacker's web site. An attacker would have to entice the user to a site under his control to exploit this vulnerability. It cannot be exploited by HTML email. In addition, the attacker would have to know the full path and file name of any file he would attempt to read. Finally, this vulnerability does not give an attacker any ability to add, change or delete data.

iPhone Starter Kit
Essential apps for your iPhone.
Download Now

More popular Corporate Security Software downloads

  1. 2,362 downloads 1. Folder Guard
  2. 1,091 downloads 2. L0phtCrack
  3. 694 downloads 3. McAfee Total Protection for Small Business
  4. 546 downloads 4. Spyware Doctor Enterprise Free Edition
  5. 448 downloads 5. Wireshark
  6. See all Corporate Security Software downloads
Blackberry Starter Kit
If your BlackBerry is missing these essential apps, you're missing out.
Download Now

User reviews

Submit your review

Log in or create an account to submit your review for:

Microsoft XML 3.0 Core Services Vulnerability Patch MS02-008

 ORLog in with your Facebook account
1. Rate this product:
(Mouse over the stars to rate this product and click to set your rating.)
2. One-line summary:(Summarize your review in one line. 10 characters minimum; required.)
0 of 55 characters
3. Pros:(Tell us what you like about this product. 10 characters minimum; required.)
0 of 250 characters
4. Cons:(Tell us what you don't like about this product. 10 characters minimum; required.)
0 of 250 characters
Bottom-line summary:(Explain to us in detail why you like or dislike the product, focusing your comments on the product's features and functionality, and your experience using the product. This field is optional.)
0 of 5000 characters

The posting of advertisements, profanity, or personal attacks are prohibited.
Click here to review our site terms of use.

Submit
See more CNET content tagged:
Microsoft Corp.,
attacker,
control,
data source,
vulnerability

advertisement
download
Site map
Help center
Our software policies
Newsletters
Submit software
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET API
About CNET