ID CVE-2006-4685
Summary The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
oval via4
accepted 2008-12-08T04:00:46.006-05:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Sudhir Gandhe
    organization Secure Elements, Inc.
definition_extensions
  • comment Microsoft XML Core Services 3 is installed
    oval oval:org.mitre.oval:def:415
  • comment Microsoft XML Core Services 4 is installed
    oval oval:org.mitre.oval:def:1002
  • comment Microsoft XML Core Services 5 is installed
    oval oval:org.mitre.oval:def:493
  • comment Microsoft XML Core Services 6 is installed
    oval oval:org.mitre.oval:def:454
description The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
family windows
id oval:org.mitre.oval:def:221
status accepted
submitted 2006-10-11T05:29:41
title Microsoft XML Core Services Vulnerability
version 65
refmap via4
bid 20339
cert-vn VU#547212
hp
  • HPSBST02161
  • SSRT061264
ms MS06-061
osvdb 29425
sectrack 1017033
secunia 22333
vupen ADV-2006-3980
vulnerable_product via4
  • cpe:2.3:a:microsoft:xml_core_services:3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_core_services:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:xml_parser:2.6:*:*:*:*:*:*:*
Last major update 17-10-2018 - 21:39
Published 10-10-2006 - 22:07
Back to Top