Vulnerability Description
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Xml Core Services | 4.0 |
References
- http://blogs.securiteam.com/?p=717
- http://secunia.com/advisories/22687Vendor Advisory
- http://securitytracker.com/id?1017157
- http://www.iss.net/threats/239.html
- http://www.kb.cert.org/vuls/id/585137US Government Resource
- http://www.microsoft.com/technet/security/advisory/927892.mspx
- http://www.securityfocus.com/bid/20915Exploit
- http://www.us-cert.gov/cas/techalerts/TA06-318A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2006/4334
- http://xforce.iss.net/xforce/alerts/id/239Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-07
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://www.exploit-db.com/exploits/2743
- http://blogs.securiteam.com/?p=717
FAQ
What is CVE-2006-5745?
CVE-2006-5745 is a vulnerability with a CVSS score of 7.6 (HIGH). Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote ...
How severe is CVE-2006-5745?
CVE-2006-5745 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5745?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Xml Core Services.