Microsoft Baseline security analyser shows a red cross against "MS02-008, XMLHTTP Control Can Allow Access to Local Files" on both my systems, and this is backed up by the exploit http://jscript.dk/Jumper/xploit/xmlhttp.asp is working on both my systems despite reapplying the required patch many times in the past and then installing the latest IE patch that should also of fixed it. > The bug shown on the following pages is not fixed > > http://online.security.com/bid/3699 > > I have 2 computers running Win XP Pro & IE6, both systems have all = > updates installed via the Windows Update including Q323759: August, 2002 = > Cumulative Patch for Internet Explorer 6 (Windows XP), installed on 23 = > Aug 02. > > Yet the page http://jscript.dk/Jumper/xploit/xmlhttp.asp still allows = > local file reading on both computers, which was ment to be patched in = > MS02-008. > > If you need any details, computer config, dll versions etc just drop me = > a mail and I will get you detailed compuer hardware and software info. > Can you confirm the existance of this bug on your test systems. > > Thanks > Brian
