CVE-2006-5745
Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
Vulnerabilidad no especificada en el método setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar código de su elección mediante argumentos manipulados que llevan a una corrupción de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de información de terceros.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-11-06 CVE Reserved
- 2006-11-06 CVE Published
- 2006-11-10 First Exploit
- 2024-07-12 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://blogs.securiteam.com/?p=717 | X_refsource_misc | |
| http://securitytracker.com/id?1017157 | Vdb Entry | |
| http://www.iss.net/threats/239.html | Third Party Advisory | |
| http://www.kb.cert.org/vuls/id/585137 | Third Party Advisory |
|
| http://www.microsoft.com/technet/security/advisory/927892.mspx | X_refsource_confirm | |
| http://www.us-cert.gov/cas/techalerts/TA06-318A.html | Third Party Advisory | |
| http://www.vupen.com/english/advisories/2006/4334 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30004 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104 | Signature |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16532 | 2010-07-03 | |
| https://www.exploit-db.com/exploits/2743 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/2749 | 2006-11-10 | |
| https://www.exploit-db.com/exploits/2753 | 2006-11-10 | |
| http://www.securityfocus.com/bid/20915 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/22687 | 2018-10-12 | |
| http://xforce.iss.net/xforce/alerts/id/239 | 2018-10-12 | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Xml Core Services Search vendor "Microsoft" for product "Xml Core Services" | 4.0 Search vendor "Microsoft" for product "Xml Core Services" and version "4.0" | - |
Affected
| ||||||