CVE-2006-5745

Sažetak

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.

Reference

http://blogs.securiteam.com/?p=717
http://secunia.com/advisories/22687
http://securitytracker.com/id?1017157
http://www.iss.net/threats/239.html
http://www.kb.cert.org/vuls/id/585137
http://www.microsoft.com/technet/security/advisory/927892.mspx
http://www.securityfocus.com/bid/20915
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://www.vupen.com/english/advisories/2006/4334
http://xforce.iss.net/xforce/alerts/id/239
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
https://www.exploit-db.com/exploits/2743

CVSS

Base:	7.6
Impact:	10.0
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:H/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

12-10-2018 - 21:41

Objavljeno

06-11-2006 - 18:07