- License:
- Free
- Editor's Rating:
- Not rated
- Average User Rating:
-
(out of 10 votes)
Rate it!
- Downloads:
- 61,348
- Requirements:
- Windows NT/2000
- Limitations:
- No limitations
- Date Added:
- March 01, 2002
Publisher's description of Microsoft XML 3.0 Core Services Vulnerability Patch
From Microsoft: Microsoft XML Core Services (MSXML) includes the XMLHTTP ActiveX control, which allows web pages rendering in the browser to send or receive XML data via HTTP operations such as POST, GET, and PUT. The control provides security measures designed to restrict web pages so they can only use the control to request data from remote data sources.A flaw exists in how the XMLHTTP control applies IE security zone settings to a redirected data stream returned in response to a request for data from a web site. A vulnerability results because an attacker could seek to exploit this flaw and specify a data source that is on the user's local system. The attacker could then use this to return information from the local system to the attacker's web site. An attacker would have to entice the user to a site under his control to exploit this vulnerability. It cannot be exploited by HTML email. In addition, the attacker would have to know the full path and file name of any file he would attempt to read. Finally, this vulnerability does not give an attacker any ability to add, change or delete data.
- See more CNET content tagged:
- attacker,
- vulnerability,
- data source,
- control,
- Microsoft Corp.
User reviews of Microsoft XML 3.0 Core Services Vulnerability Patch
- Average user rating:
out of 10 votes -
Your rating:
Write your own review
Showing 5 of 7 reviews Show all 7 user reviews
This software version | All versions
-
Microsoft XML 3.0 Core Services Vulnerability Patch
-
Microsoft XML 3.0 Core Services Vulnerability Patch
-
Microsoft XML 3.0 Core Services Vulnerability Patch
-
Microsoft XML 3.0 Core Services Vulnerability Patch
-
Microsoft XML 3.0 Core Services Vulnerability Patch
Showing 5 of 7 reviews Show all 7 user reviews
Submit your review for Microsoft XML 3.0 Core Services Vulnerability Patch:
You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.
All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.
CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.
Electronics & Computers Deals here!