XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_explorer | Microsoft | 6.0 (including) | 6.0 (including) |
| Sql_server | Microsoft | 2000 (including) | 2000 (including) |
| Sql_server | Microsoft | 2000-sp1 (including) | 2000-sp1 (including) |
| Sql_server | Microsoft | 2000-sp2 (including) | 2000-sp2 (including) |
| Xml_core_services | Microsoft | 2.6 (including) | 2.6 (including) |
| Xml_core_services | Microsoft | 3.0 (including) | 3.0 (including) |
| Xml_core_services | Microsoft | 4.0 (including) | 4.0 (including) |