ID CVE-2006-5745
Summary Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • Microsoft xml_core_services 4.0
    cpe:2.3:a:microsoft:xml_core_services:4.0
CVSS
Base: 7.6 (as of 09-11-2006 - 10:02)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
  • description Internet Explorer XML Core Services HTTP Request Handling. CVE-2006-5745. Remote exploit for windows platform
    id EDB-ID:16532
    last seen 2016-02-02
    modified 2010-07-03
    published 2010-07-03
    reporter metasploit
    source https://www.exploit-db.com/download/16532/
    title Microsoft Internet Explorer - XML Core Services HTTP Request Handling
  • id EDB-ID:2743
metasploit via4
description This module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This module is the modified version of http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6 \+ Microsoft XML Core Services 4.0 SP2.
id MSF:EXPLOIT/WINDOWS/BROWSER/MS06_071_XML_CORE
last seen 2019-03-27
modified 2017-09-09
published 2007-10-24
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms06_071_xml_core.rb
title MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling
nessus via4
NASL family Windows : Microsoft Bulletins
NASL id SMB_NT_MS06-071.NASL
description The remote host is running a version of Windows that contains a flaw in the Windows XML Core Services. An attacker may be able to execute arbitrary code on the remote host by constructing a malicious script and enticing a victim to visit a website or view a specially crafted email message.
last seen 2019-02-21
modified 2018-11-15
plugin id 23647
published 2006-11-14
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=23647
title MS06-071: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
oval via4
accepted 2007-02-20T13:39:27.419-05:00
class vulnerability
contributors
name Robert L. Hollis
organization ThreatGuard, Inc.
definition_extensions
  • comment Microsoft XML Core Services 4 is installed
    oval oval:org.mitre.oval:def:1002
  • comment Microsoft XML Core Services 6 is installed
    oval oval:org.mitre.oval:def:454
description Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
family windows
id oval:org.mitre.oval:def:104
status accepted
submitted 2006-11-15T12:28:05
title Microsoft XML Core Services Vulnerability
version 64
packetstorm via4
data source https://packetstormsecurity.com/files/download/83032/ms06_071_xml_core.rb.txt
id PACKETSTORM:83032
last seen 2016-12-05
published 2009-11-26
reporter Trirat Puttaraksa
source https://packetstormsecurity.com/files/83032/Internet-Explorer-XML-Core-Services-HTTP-Request-Handling.html
title Internet Explorer XML Core Services HTTP Request Handling
refmap via4
bid 20915
cert TA06-318A
cert-vn VU#585137
confirm http://www.microsoft.com/technet/security/advisory/927892.mspx
exploit-db 2743
iss 20061104 Vulnerability in Microsoft XML HTTP Request Handling
misc
ms MS06-071
sectrack 1017157
secunia 22687
vupen ADV-2006-4334
xf ie-xml-http-request-handling(30004)
saint via4
bid 20915
description Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability
id win_patch_ie_xmlsetrequestheader
osvdb 30208
title microsoft_xmlhttp_setrequestheader
type client
Last major update 07-03-2011 - 21:43
Published 06-11-2006 - 13:07
Last modified 12-10-2018 - 17:41
Back to Top