1. CVE-Search
  2. CVE-2006-5745
ID CVE-2006-5745
Summary Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 12-10-2018 - 21:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
accepted 2007-02-20T13:39:27.419-05:00
class vulnerability
contributors
name Robert L. Hollis
organization ThreatGuard, Inc.
definition_extensions
  • comment Microsoft XML Core Services 4 is installed
    oval oval:org.mitre.oval:def:1002
  • comment Microsoft XML Core Services 6 is installed
    oval oval:org.mitre.oval:def:454
description Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
family windows
id oval:org.mitre.oval:def:104
status accepted
submitted 2006-11-15T12:28:05
title Microsoft XML Core Services Vulnerability
version 65
refmap via4
bid 20915
cert TA06-318A
cert-vn VU#585137
confirm http://www.microsoft.com/technet/security/advisory/927892.mspx
exploit-db 2743
iss 20061104 Vulnerability in Microsoft XML HTTP Request Handling
misc
sectrack 1017157
secunia 22687
vupen ADV-2006-4334
xf ie-xml-http-request-handling(30004)
saint via4
bid 20915
description Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability
id win_patch_ie_xmlsetrequestheader
osvdb 30208
title microsoft_xmlhttp_setrequestheader
type client
Last major update 12-10-2018 - 21:41
Published 06-11-2006 - 18:07
Last modified 12-10-2018 - 21:41
Back to Top