MS02-009: IE VBScript Handling patch (318089)

medium Nessus Plugin ID 10926

Synopsis

Local files can be retrieved through the web client.

Description

The remote host is running a version of Internet Explorer that may allow an attacker to read local files on the remote host.

To exploit this flaw, an attacker would need to lure a victim on the remote system into visiting a rogue website.

Solution

Microsoft has released a set of patches for the Windows NT, 2000 and XP.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2002/ms02-009

Plugin Details

Severity: Medium

ID: 10926

File Name: smb_nt_ms02-009.nasl

Version: 1.40

Type: local

Agent: windows

Published: 3/27/2002

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:ie

Required KB Items: SMB/Registry/Enumerated

Excluded KB Items: SMB/WinXP/ServicePack

Exploit Ease: No known exploits are available

Patch Publication Date: 2/21/2002

Vulnerability Publication Date: 2/21/2002

Reference Information

CVE: CVE-2002-0052

BID: 4158

MSFT: MS02-009

MSKB: 318089