| Vulnerability Name: | CVE-2006-5745 (CCN-30004) | ||||||||
| Assigned: | 2006-11-03 | ||||||||
| Published: | 2006-11-03 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. Note: some of these details are obtained from third party information. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C) 6.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
6.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MISC Type: UNKNOWN http://blogs.securiteam.com/?p=717 Source: MITRE Type: CNA CVE-2006-5745 Source: CCN Type: SA22687 Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability Source: SECUNIA Type: Vendor Advisory 22687 Source: CCN Type: SECTRACK ID: 1017157 Microsoft XML Core Services ActiveX Control Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1017157 Source: CCN Type: ASA-2006-253 Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71) Source: ISS Type: UNKNOWN 20061104 Vulnerability in Microsoft XML HTTP Request Handling Source: CCN Type: US-CERT VU#585137 Microsoft XML Core Services XMLHTTP ActiveX control vulnerability Source: CERT-VN Type: US Government Resource VU#585137 Source: CCN Type: Microsoft Security Advisory (927892) Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution Source: CONFIRM Type: UNKNOWN http://www.microsoft.com/technet/security/advisory/927892.mspx Source: CCN Type: Microsoft Security Bulletin MS06-071 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) Source: CCN Type: Microsoft Security Bulletin MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227) Source: BID Type: Exploit 20915 Source: CCN Type: BID-20915 Microsoft XML Core Service XMLHTTP ActiveX Control Remote Code Execution Vulnerability Source: CERT Type: US Government Resource TA06-318A Source: VUPEN Type: UNKNOWN ADV-2006-4334 Source: CCN Type: Internet Security Systems Protection Alert November 4, 2006 Vulnerability in Microsoft XML HTTP Request Handling Source: MISC Type: Vendor Advisory http://xforce.iss.net/xforce/alerts/id/239 Source: MS Type: UNKNOWN MS06-071 Source: XF Type: UNKNOWN ie-xml-http-request-handling(30004) Source: XF Type: UNKNOWN ie-xml-http-request-handling(30004) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:104 Source: EXPLOIT-DB Type: UNKNOWN 2743 Source: CCN Type: Rapid7 Vulnerability and Exploit Database [10-10-2006] MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||