CVE-2002-0648

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 through 6.0

Description The issue allows remote attackers to read arbitrary XML files and portions of other files via a URL whose src attribute redirects to a local file. This is due to the legacy <script> data-island capability for XML in Microsoft Internet Explorer.

Recommendations For Microsoft Internet Explorer versions 5.01 through 6.0, consider disabling the <script> data-island capability for XML as a temporary workaround until a patch is available. Restrict access to local files to minimize the risk of exploitation.