Remote Code Execution Vulnerability in Microsoft XML Core Services ActiveX Control
CVE-2006-5745

Currently unrated

Key Information:

Vendor: Microsoft
Status: Xml Core Services
Vendor: CVE Published:; 6 November 2006

Summary

An unaddressed flaw exists in the setRequestHeader method within the XMLHTTP ActiveX Control in Microsoft XML Core Services 4.0, which is accessible through Internet Explorer. This vulnerability enables remote attackers to execute arbitrary code by providing specially crafted arguments that result in memory corruption. The exploitation of this vulnerability could potentially allow an attacker to compromise the security and integrity of the affected systems, enabling unauthorized access and control.

References

http://www.us-cert.gov/cas/techalerts/TA06-318A.html

third-party-advisoryx_refsource_CERT

http://xforce.iss.net/xforce/alerts/id/239

x_refsource_MISC

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

EPSS Score

87% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 6, 2006
Vulnerability Reserved
Nov 6, 2006