cvelistv5 - cve-2006-5745

cve-2006-5745

Vulnerability from cvelistv5

Published

2006-11-06 18:00

Modified

2024-08-07 20:04

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.securiteam.com/?p=717
cve@mitre.org	http://secunia.com/advisories/22687	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017157
cve@mitre.org	http://www.iss.net/threats/239.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/585137	US Government Resource
cve@mitre.org	http://www.microsoft.com/technet/security/advisory/927892.mspx
cve@mitre.org	http://www.securityfocus.com/bid/20915	Exploit
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4334
cve@mitre.org	http://xforce.iss.net/xforce/alerts/id/239	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
cve@mitre.org	https://www.exploit-db.com/exploits/2743
af854a3a-2127-422b-91ae-364da2661108	http://blogs.securiteam.com/?p=717
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22687	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017157
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/threats/239.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/585137	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/927892.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20915	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4334
af854a3a-2127-422b-91ae-364da2661108	http://xforce.iss.net/xforce/alerts/id/239	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/2743

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA06-318A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xforce.iss.net/xforce/alerts/id/239"
          },
          {
            "name": "oval:org.mitre.oval:def:104",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
          },
          {
            "name": "1017157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017157"
          },
          {
            "name": "2743",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2743"
          },
          {
            "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://www.iss.net/threats/239.html"
          },
          {
            "name": "MS06-071",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
          },
          {
            "name": "ADV-2006-4334",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4334"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.securiteam.com/?p=717"
          },
          {
            "name": "20915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20915"
          },
          {
            "name": "22687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22687"
          },
          {
            "name": "ie-xml-http-request-handling(30004)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
          },
          {
            "name": "VU#585137",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/585137"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "TA06-318A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xforce.iss.net/xforce/alerts/id/239"
        },
        {
          "name": "oval:org.mitre.oval:def:104",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
        },
        {
          "name": "1017157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017157"
        },
        {
          "name": "2743",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2743"
        },
        {
          "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://www.iss.net/threats/239.html"
        },
        {
          "name": "MS06-071",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
        },
        {
          "name": "ADV-2006-4334",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4334"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.securiteam.com/?p=717"
        },
        {
          "name": "20915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20915"
        },
        {
          "name": "22687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22687"
        },
        {
          "name": "ie-xml-http-request-handling(30004)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
        },
        {
          "name": "VU#585137",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/585137"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5745",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "http://xforce.iss.net/xforce/alerts/id/239",
              "refsource": "MISC",
              "url": "http://xforce.iss.net/xforce/alerts/id/239"
            },
            {
              "name": "oval:org.mitre.oval:def:104",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
            },
            {
              "name": "1017157",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017157"
            },
            {
              "name": "2743",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2743"
            },
            {
              "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
              "refsource": "ISS",
              "url": "http://www.iss.net/threats/239.html"
            },
            {
              "name": "MS06-071",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
            },
            {
              "name": "ADV-2006-4334",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4334"
            },
            {
              "name": "http://blogs.securiteam.com/?p=717",
              "refsource": "MISC",
              "url": "http://blogs.securiteam.com/?p=717"
            },
            {
              "name": "20915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20915"
            },
            {
              "name": "22687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22687"
            },
            {
              "name": "ie-xml-http-request-handling(30004)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/927892.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
            },
            {
              "name": "VU#585137",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/585137"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5745",
    "datePublished": "2006-11-06T18:00:00",
    "dateReserved": "2006-11-06T00:00:00",
    "dateUpdated": "2024-08-07T20:04:54.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9B9BE3-6F83-469E-834F-3E00CFECD8E2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el m\\u00e9todo setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante argumentos manipulados que llevan a una corrupci\\u00f3n de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de informaci\\u00f3n de terceros.\"}]",
      "id": "CVE-2006-5745",
      "lastModified": "2024-11-21T00:20:23.027",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-11-06T18:07:00.000",
      "references": "[{\"url\": \"http://blogs.securiteam.com/?p=717\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22687\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017157\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.iss.net/threats/239.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/585137\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/927892.mspx\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20915\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4334\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://xforce.iss.net/xforce/alerts/id/239\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/2743\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.securiteam.com/?p=717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.iss.net/threats/239.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/585137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/927892.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20915\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4334\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xforce.iss.net/xforce/alerts/id/239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/2743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5745\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-11-06T18:07:00.000\",\"lastModified\":\"2024-11-21T00:20:23.027\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el m\u00e9todo setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos manipulados que llevan a una corrupci\u00f3n de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9B9BE3-6F83-469E-834F-3E00CFECD8E2\"}]}]}],\"references\":[{\"url\":\"http://blogs.securiteam.com/?p=717\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22687\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017157\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.iss.net/threats/239.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/585137\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/927892.mspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20915\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4334\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/2743\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.securiteam.com/?p=717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.iss.net/threats/239.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/585137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/927892.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4334\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/2743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2006-5745

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-5745

Aliases

CVE-2006-5745

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5745",
    "description": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2006-5745",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-5745"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5745"
      ],
      "details": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2006-5745",
      "modified": "2023-12-13T01:19:56.644490Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5745",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA06-318A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "name": "http://xforce.iss.net/xforce/alerts/id/239",
            "refsource": "MISC",
            "url": "http://xforce.iss.net/xforce/alerts/id/239"
          },
          {
            "name": "oval:org.mitre.oval:def:104",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
          },
          {
            "name": "1017157",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017157"
          },
          {
            "name": "2743",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/2743"
          },
          {
            "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
            "refsource": "ISS",
            "url": "http://www.iss.net/threats/239.html"
          },
          {
            "name": "MS06-071",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
          },
          {
            "name": "ADV-2006-4334",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4334"
          },
          {
            "name": "http://blogs.securiteam.com/?p=717",
            "refsource": "MISC",
            "url": "http://blogs.securiteam.com/?p=717"
          },
          {
            "name": "20915",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20915"
          },
          {
            "name": "22687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22687"
          },
          {
            "name": "ie-xml-http-request-handling(30004)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/927892.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
          },
          {
            "name": "VU#585137",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/585137"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5745"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xforce.iss.net/xforce/alerts/id/239",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://xforce.iss.net/xforce/alerts/id/239"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/927892.mspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
            },
            {
              "name": "http://blogs.securiteam.com/?p=717",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.securiteam.com/?p=717"
            },
            {
              "name": "VU#585137",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/585137"
            },
            {
              "name": "20915",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/20915"
            },
            {
              "name": "1017157",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017157"
            },
            {
              "name": "22687",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22687"
            },
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
              "refsource": "ISS",
              "tags": [],
              "url": "http://www.iss.net/threats/239.html"
            },
            {
              "name": "ADV-2006-4334",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4334"
            },
            {
              "name": "ie-xml-http-request-handling(30004)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
            },
            {
              "name": "2743",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/2743"
            },
            {
              "name": "oval:org.mitre.oval:def:104",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
            },
            {
              "name": "MS06-071",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T21:41Z",
      "publishedDate": "2006-11-06T18:07Z"
    }
  }
}

cve-2006-5745

Vulnerability from fkie_nvd

Published

2006-11-06 18:07

Modified

2024-11-21 00:20

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.securiteam.com/?p=717
cve@mitre.org	http://secunia.com/advisories/22687	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017157
cve@mitre.org	http://www.iss.net/threats/239.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/585137	US Government Resource
cve@mitre.org	http://www.microsoft.com/technet/security/advisory/927892.mspx
cve@mitre.org	http://www.securityfocus.com/bid/20915	Exploit
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4334
cve@mitre.org	http://xforce.iss.net/xforce/alerts/id/239	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
cve@mitre.org	https://www.exploit-db.com/exploits/2743
af854a3a-2127-422b-91ae-364da2661108	http://blogs.securiteam.com/?p=717
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22687	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017157
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/threats/239.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/585137	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/927892.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20915	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4334
af854a3a-2127-422b-91ae-364da2661108	http://xforce.iss.net/xforce/alerts/id/239	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/2743

Impacted products

	Vendor	Product	Version
	microsoft	xml_core_services	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el m\u00e9todo setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos manipulados que llevan a una corrupci\u00f3n de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2006-5745",
  "lastModified": "2024-11-21T00:20:23.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-06T18:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.securiteam.com/?p=717"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/threats/239.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/585137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xforce.iss.net/xforce/alerts/id/239"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.securiteam.com/?p=717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/threats/239.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/585137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xforce.iss.net/xforce/alerts/id/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. Failed exploit attempts will result in a denial-of-service condition. An attacker could exploit this vulnerability by crafting a specially crafted web page that could allow remote code execution if a user visits the web page or clicks a link in an email message. However, user interaction is required to exploit this vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System

       Technical Cyber Security Alert TA06-318A

Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash

Original release date: November 14, 2006 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Internet Explorer
 * Adobe Flash

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash.

I. Description

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash as part of the Microsoft Security Bulletin Summary for November 2006. Microsoft has included updates to Adobe Flash, which is installed with Internet Explorer.

Further information is available in the Vulnerability Notes Database.

II. An attacker may also be able to cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the November 2006 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Note any known issues described in the Bulletins and test for any potentially adverse affects in your environment.

System administrators may wish to consider using Windows Server Update Services (WSUS).

IV. References

 * US-CERT Vulnerability Notes for Microsoft November 2006 updates - 
   <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-nov>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 * Microsoft Security Bulletin Summary for November 2006 -
   <http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx>

 * Microsoft Update - <https://update.microsoft.com/microsoftupdate/>

 * Windows Server Update Services -
   <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-318A.html>

 Feedback can be directed to US-CERT Technical Staff. Please send
 email to <cert@cert.org> with "TA06-318A Feedback VU#377369" in
 the subject.

 For instructions on subscribing to or unsubscribing from this
 mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

November 14, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ 4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa bRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ geGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I heEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh Z0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg== =K0Wj -----END PGP SIGNATURE----- .

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links

Read the full description: http://corporate.secunia.com/products/48/?r=l

Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l

TITLE: Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability

SECUNIA ADVISORY ID: SA22687

VERIFY ADVISORY: http://secunia.com/advisories/22687/

CRITICAL: Extremely critical

IMPACT: System access

WHERE:

From remote

OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/

SOFTWARE: Microsoft Core XML Services (MSXML) 4.x http://secunia.com/product/6472/

DESCRIPTION: A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.

The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.

NOTE: The vulnerability is already being actively exploited.

SOLUTION: Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY: Microsoft http://www.microsoft.com/technet/security/advisory/927892.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200611-0102",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xml core services",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "xml core service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "xml core service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "xml core services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "storage management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "s8100 media servers r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-5745",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-5745",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-21853",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-5745",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#585137",
            "trust": 0.8,
            "value": "29.77"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200611-068",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-21853",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information. Failed exploit attempts will result in a denial-of-service condition. An attacker could exploit this vulnerability by crafting a specially crafted web page that could allow remote code execution if a user visits the web page or clicks a link in an email message. However, user interaction is required to exploit this vulnerability. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                        National Cyber Alert System\n\n\t\t   Technical Cyber Security Alert TA06-318A\n\nMicrosoft Security Updates for Windows, Internet Explorer, and Adobe Flash\n\n   Original release date: November 14, 2006\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Internet Explorer\n     * Adobe Flash\n\n\nOverview\n\n   Microsoft has released updates that address critical vulnerabilities\n   in Microsoft Windows, Internet Explorer, and Adobe Flash. \n\nI. Description\n\n   Microsoft has released updates to address vulnerabilities in Microsoft\n   Windows, Internet Explorer, and Adobe Flash as part of the Microsoft\n   Security Bulletin Summary for November 2006. Microsoft has included updates to Adobe Flash, which is\n   installed with Internet Explorer. \n\n   Further information is available in the Vulnerability Notes Database. \n\n\nII. An attacker may also be able to cause a denial of\n   service. \n\n\nIII. Solution\n\nApply updates from Microsoft\n\n   Microsoft has provided updates for these vulnerabilities in the\n   November 2006 Security Bulletins. The Security Bulletins describe any\n   known issues related to the updates. Note any known issues described\n   in the Bulletins and test for any potentially adverse affects in your\n   environment. \n\n   System administrators may wish to consider using Windows Server Update\n   Services (WSUS). \n\n\nIV. References\n\n     * US-CERT Vulnerability Notes for Microsoft November 2006 updates - \n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-nov\u003e\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n     * Microsoft Security Bulletin Summary for November 2006 -\n       \u003chttp://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx\u003e\n\n     * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate/\u003e\n\n     * Windows Server Update Services -\n       \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-318A.html\u003e\n \n____________________________________________________________________\n\n     Feedback can be directed to US-CERT Technical Staff. Please send\n     email to \u003ccert@cert.org\u003e with \"TA06-318A Feedback VU#377369\" in\n     the subject. \n \n____________________________________________________________________\n\n     For instructions on subscribing to or unsubscribing from this\n     mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n \n____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n____________________________________________________________________\n\n\nRevision History\n\n   November 14, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ\n4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa\nbRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ\ngeGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I\nheEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh\nZ0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg==\n=K0Wj\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft XMLHTTP ActiveX Control Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA22687\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22687/\n\nCRITICAL:\nExtremely critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nMicrosoft Windows XP Professional\nhttp://secunia.com/product/22/\nMicrosoft Windows XP Home Edition\nhttp://secunia.com/product/16/\nMicrosoft Windows Server 2003 Web Edition\nhttp://secunia.com/product/1176/\nMicrosoft Windows Server 2003 Standard Edition\nhttp://secunia.com/product/1173/\nMicrosoft Windows Server 2003 Enterprise Edition\nhttp://secunia.com/product/1174/\nMicrosoft Windows Server 2003 Datacenter Edition\nhttp://secunia.com/product/1175/\nMicrosoft Windows 2000 Server\nhttp://secunia.com/product/20/\nMicrosoft Windows 2000 Professional\nhttp://secunia.com/product/1/\nMicrosoft Windows 2000 Datacenter Server\nhttp://secunia.com/product/1177/\nMicrosoft Windows 2000 Advanced Server\nhttp://secunia.com/product/21/\n\nSOFTWARE:\nMicrosoft Core XML Services (MSXML) 4.x\nhttp://secunia.com/product/6472/\n\nDESCRIPTION:\nA vulnerability has been reported in Microsoft XML Core Services,\nwhich can be exploited by malicious people to compromise a users\nsystem. \n\nThe vulnerability is caused due to an unspecified error in the\nXMLHTTP 4.0 ActiveX Control. \n\nSuccessful exploitation allows execution of arbitrary code when a\nuser e.g. visits a malicious website using Internet Explorer. \n\nNOTE: The vulnerability is already being actively exploited. \n\nSOLUTION:\nMicrosoft has recommended various workarounds including setting the\nkill-bit for the affected ActiveX control (see the vendor\u0027s advisory\nfor details). \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft\nhttp://www.microsoft.com/technet/security/advisory/927892.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-21853",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "20915",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "22687",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#585137",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA06-318A",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1017157",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2743",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4334",
        "trust": 1.7
      },
      {
        "db": "USCERT",
        "id": "SA06-318A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS06-071",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "2743",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:104",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-318A",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "30004",
        "trust": 0.6
      },
      {
        "db": "ISS",
        "id": "20061104 VULNERABILITY IN MICROSOFT XML HTTP REQUEST HANDLING",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16532",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2753",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2749",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71046",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-459",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83032",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52175",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51658",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "id": "VAR-200611-0102",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:56:18.957000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "927892",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
      },
      {
        "title": "MS06-071",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx"
      },
      {
        "title": "927892",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/advisory/927892.mspx"
      },
      {
        "title": "MS06-071",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-071.mspx"
      },
      {
        "title": "MS06-071e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/ms06-071e.mspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.securityfocus.com/bid/20915"
      },
      {
        "trust": 2.9,
        "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
      },
      {
        "trust": 2.5,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx"
      },
      {
        "trust": 2.5,
        "url": "http://xforce.iss.net/xforce/alerts/id/239"
      },
      {
        "trust": 2.5,
        "url": "http://blogs.securiteam.com/?p=717"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-318a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/585137"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22687/"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/threats/239.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017157"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22687"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/4334"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/2743"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a104"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/4334"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.org/diary.php?storyid=1823"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5745"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2006/at060019.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2006/at060018.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2007/at070016.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23585137/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-318a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-318a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trvu%23585137/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5745"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-318a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2006/20061105_092738.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2006/20061115_072449.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/30004"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/2743"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:104"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.pandasoftware.com/blogs/images/pandalabs/2007/05/11/mpack.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-253.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://update.microsoft.com/microsoftupdate/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-318a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-nov\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1173/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/22/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/products/48/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/21/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1174/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1176/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1175/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6472/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1177/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/20/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "date": "2006-11-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "date": "2006-11-03T00:00:00",
        "db": "BID",
        "id": "20915"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "date": "2006-11-16T16:02:41",
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "date": "2006-11-06T05:09:25",
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "date": "2006-11-06T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "date": "2006-11-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "date": "2007-05-15T20:48:00",
        "db": "BID",
        "id": "20915"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "date": "2018-10-12T21:41:43.373000",
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "date": "2008-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft XML Core Services XMLHTTP ActiveX control vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ],
    "trust": 0.9
  }
}

ghsa-x5x2-7mmp-555x

Vulnerability from github

Published

2022-05-01 07:31

Modified

2022-05-01 07:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5745"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-06T18:07:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-x5x2-7mmp-555x",
  "modified": "2022-05-01T07:31:21Z",
  "published": "2022-05-01T07:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5745"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/2743"
    },
    {
      "type": "WEB",
      "url": "http://blogs.securiteam.com/?p=717"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22687"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017157"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/threats/239.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/585137"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20915"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4334"
    },
    {
      "type": "WEB",
      "url": "http://xforce.iss.net/xforce/alerts/id/239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-5745

Vulnerability from cvelistv5

gsd-2006-5745

Vulnerability from gsd

cve-2006-5745

Vulnerability from fkie_nvd

var-200611-0102

Vulnerability from variot

ghsa-x5x2-7mmp-555x

Vulnerability from github

Tags

Sightings

Nomenclature