cvelistv5 - cve-2006-5745

CVE-2006-5745 (GCVE-0-2006-5745)

Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	third-party-advisoryx_refsource_CERT
	http://xforce.iss.net/xforce/alerts/id/239	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://securitytracker.com/id?1017157	vdb-entryx_refsource_SECTRACK
	https://www.exploit-db.com/exploits/2743	exploitx_refsource_EXPLOIT-DB
	http://www.iss.net/threats/239.html	third-party-advisoryx_refsource_ISS
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.vupen.com/english/advisories/2006/4334	vdb-entryx_refsource_VUPEN
	http://blogs.securiteam.com/?p=717	x_refsource_MISC
	http://www.securityfocus.com/bid/20915	vdb-entryx_refsource_BID
	http://secunia.com/advisories/22687	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.microsoft.com/technet/security/advisor…	x_refsource_CONFIRM
	http://www.kb.cert.org/vuls/id/585137	third-party-advisoryx_refsource_CERT-VN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T20:04:54.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "TA06-318A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://xforce.iss.net/xforce/alerts/id/239"
          },
          {
            "name": "oval:org.mitre.oval:def:104",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
          },
          {
            "name": "1017157",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017157"
          },
          {
            "name": "2743",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/2743"
          },
          {
            "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
            "tags": [
              "third-party-advisory",
              "x_refsource_ISS",
              "x_transferred"
            ],
            "url": "http://www.iss.net/threats/239.html"
          },
          {
            "name": "MS06-071",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
          },
          {
            "name": "ADV-2006-4334",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4334"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.securiteam.com/?p=717"
          },
          {
            "name": "20915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20915"
          },
          {
            "name": "22687",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22687"
          },
          {
            "name": "ie-xml-http-request-handling(30004)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
          },
          {
            "name": "VU#585137",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/585137"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "TA06-318A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://xforce.iss.net/xforce/alerts/id/239"
        },
        {
          "name": "oval:org.mitre.oval:def:104",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
        },
        {
          "name": "1017157",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017157"
        },
        {
          "name": "2743",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/2743"
        },
        {
          "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
          "tags": [
            "third-party-advisory",
            "x_refsource_ISS"
          ],
          "url": "http://www.iss.net/threats/239.html"
        },
        {
          "name": "MS06-071",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
        },
        {
          "name": "ADV-2006-4334",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4334"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.securiteam.com/?p=717"
        },
        {
          "name": "20915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20915"
        },
        {
          "name": "22687",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22687"
        },
        {
          "name": "ie-xml-http-request-handling(30004)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
        },
        {
          "name": "VU#585137",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/585137"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5745",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "http://xforce.iss.net/xforce/alerts/id/239",
              "refsource": "MISC",
              "url": "http://xforce.iss.net/xforce/alerts/id/239"
            },
            {
              "name": "oval:org.mitre.oval:def:104",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
            },
            {
              "name": "1017157",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017157"
            },
            {
              "name": "2743",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/2743"
            },
            {
              "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
              "refsource": "ISS",
              "url": "http://www.iss.net/threats/239.html"
            },
            {
              "name": "MS06-071",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
            },
            {
              "name": "ADV-2006-4334",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4334"
            },
            {
              "name": "http://blogs.securiteam.com/?p=717",
              "refsource": "MISC",
              "url": "http://blogs.securiteam.com/?p=717"
            },
            {
              "name": "20915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20915"
            },
            {
              "name": "22687",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22687"
            },
            {
              "name": "ie-xml-http-request-handling(30004)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/927892.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
            },
            {
              "name": "VU#585137",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/585137"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5745",
    "datePublished": "2006-11-06T18:00:00",
    "dateReserved": "2006-11-06T00:00:00",
    "dateUpdated": "2024-08-07T20:04:54.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C9B9BE3-6F83-469E-834F-3E00CFECD8E2\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el m\\u00e9todo setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar c\\u00f3digo de su elecci\\u00f3n mediante argumentos manipulados que llevan a una corrupci\\u00f3n de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de informaci\\u00f3n de terceros.\"}]",
      "id": "CVE-2006-5745",
      "lastModified": "2024-11-21T00:20:23.027",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-11-06T18:07:00.000",
      "references": "[{\"url\": \"http://blogs.securiteam.com/?p=717\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/22687\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017157\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.iss.net/threats/239.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/585137\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/927892.mspx\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/20915\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4334\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://xforce.iss.net/xforce/alerts/id/239\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.exploit-db.com/exploits/2743\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.securiteam.com/?p=717\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/22687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017157\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.iss.net/threats/239.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/585137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.microsoft.com/technet/security/advisory/927892.mspx\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/20915\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/4334\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://xforce.iss.net/xforce/alerts/id/239\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/2743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-5745\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-11-06T18:07:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el m\u00e9todo setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos manipulados que llevan a una corrupci\u00f3n de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C9B9BE3-6F83-469E-834F-3E00CFECD8E2\"}]}]}],\"references\":[{\"url\":\"http://blogs.securiteam.com/?p=717\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/22687\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017157\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.iss.net/threats/239.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/585137\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/927892.mspx\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/20915\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4334\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/239\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/2743\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.securiteam.com/?p=717\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/22687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017157\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.iss.net/threats/239.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/585137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/927892.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/20915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4334\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xforce.iss.net/xforce/alerts/id/239\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/30004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/2743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-5745

Vulnerability from fkie_nvd - Published: 2006-11-06 18:07 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.securiteam.com/?p=717
cve@mitre.org	http://secunia.com/advisories/22687	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017157
cve@mitre.org	http://www.iss.net/threats/239.html
cve@mitre.org	http://www.kb.cert.org/vuls/id/585137	US Government Resource
cve@mitre.org	http://www.microsoft.com/technet/security/advisory/927892.mspx
cve@mitre.org	http://www.securityfocus.com/bid/20915	Exploit
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4334
cve@mitre.org	http://xforce.iss.net/xforce/alerts/id/239	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
cve@mitre.org	https://www.exploit-db.com/exploits/2743
af854a3a-2127-422b-91ae-364da2661108	http://blogs.securiteam.com/?p=717
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22687	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017157
af854a3a-2127-422b-91ae-364da2661108	http://www.iss.net/threats/239.html
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/585137	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.microsoft.com/technet/security/advisory/927892.mspx
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20915	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4334
af854a3a-2127-422b-91ae-364da2661108	http://xforce.iss.net/xforce/alerts/id/239	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/2743

Impacted products

	Vendor	Product	Version
	microsoft	xml_core_services	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C9B9BE3-6F83-469E-834F-3E00CFECD8E2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el m\u00e9todo setRequestHeader en el control ActiveX XMLHTTP (XML HTTP) 4.0 en Microsoft (XML Core Services 4.0 en Windows, cuando es accedido por Internet Explorer, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante argumentos manipulados que llevan a una corrupci\u00f3n de memoria, una vulnerabilidad distinta de CVE-2006-4685. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2006-5745",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-06T18:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.securiteam.com/?p=717"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22687"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017157"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.iss.net/threats/239.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/585137"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20915"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4334"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xforce.iss.net/xforce/alerts/id/239"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/2743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.securiteam.com/?p=717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017157"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.iss.net/threats/239.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/585137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://xforce.iss.net/xforce/alerts/id/239"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/2743"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-AVI-500

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans Microsoft XML Core Services (MSXML). Il s'agit plus précisément du contrôle ActiveX XMLHTTP.

Une personne malveillante pourrait exploiter cette vulnérabilité, afin de prendre le contrôle, à distance ou localement, de la machine fonctionnant sur un système vulnérable. Un scénario d'attaque possible serait une page Web construite de manière particulière : la visite de cette dernière par un navigateur autorisant les contrôles ActiveX, permettrait l'exécution de code sur le système.

Même si MSXML n'est pas distribué par défaut avec Windows, il est installé avec plusieurs logiciels.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	Microsoft XML Core Services 4.0 (pour toutes les versions de Windows) ;
	Microsoft	N/A	Microsoft XML Core Services 6.0 (pour toutes les versions de Windows).

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-071 du 14 novembre 2006	None	vendor-advisory
Avis de sécurité Microsoft 927892 du 03 novembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft XML Core Services 4.0 (pour toutes les versions de Windows) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft XML Core Services 6.0 (pour toutes les versions de Windows).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5745"
    }
  ],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 927892 du 03 novembre 2006 :",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-500",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft XML Core Services\n(\u003cspan class=\"textit\"\u003eMSXML\u003c/span\u003e). Il s\u0027agit plus pr\u00e9cis\u00e9ment du\ncontr\u00f4le ActiveX XMLHTTP.\n\nUne personne malveillante pourrait exploiter cette vuln\u00e9rabilit\u00e9, afin\nde prendre le contr\u00f4le, \u00e0 distance ou localement, de la machine\nfonctionnant sur un syst\u00e8me vuln\u00e9rable. Un sc\u00e9nario d\u0027attaque possible\nserait une page Web construite de mani\u00e8re particuli\u00e8re : la visite de\ncette derni\u00e8re par un navigateur autorisant les contr\u00f4les ActiveX,\npermettrait l\u0027ex\u00e9cution de code sur le syst\u00e8me.\n\nM\u00eame si MSXML n\u0027est pas distribu\u00e9 par d\u00e9faut avec Windows, il est\ninstall\u00e9 avec plusieurs logiciels.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft XML Core Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-071 du 14 novembre 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-071.mspx"
    }
  ]
}

CERTA-2006-AVI-500

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été identifiée dans Microsoft XML Core Services (MSXML). Il s'agit plus précisément du contrôle ActiveX XMLHTTP.

Même si MSXML n'est pas distribué par défaut avec Windows, il est installé avec plusieurs logiciels.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	N/A	Microsoft XML Core Services 4.0 (pour toutes les versions de Windows) ;
	Microsoft	N/A	Microsoft XML Core Services 6.0 (pour toutes les versions de Windows).

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-071 du 14 novembre 2006	None	vendor-advisory
Avis de sécurité Microsoft 927892 du 03 novembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft XML Core Services 4.0 (pour toutes les versions de Windows) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft XML Core Services 6.0 (pour toutes les versions de Windows).",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-5745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-5745"
    }
  ],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 Microsoft 927892 du 03 novembre 2006 :",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    }
  ],
  "reference": "CERTA-2006-AVI-500",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans Microsoft XML Core Services\n(\u003cspan class=\"textit\"\u003eMSXML\u003c/span\u003e). Il s\u0027agit plus pr\u00e9cis\u00e9ment du\ncontr\u00f4le ActiveX XMLHTTP.\n\nUne personne malveillante pourrait exploiter cette vuln\u00e9rabilit\u00e9, afin\nde prendre le contr\u00f4le, \u00e0 distance ou localement, de la machine\nfonctionnant sur un syst\u00e8me vuln\u00e9rable. Un sc\u00e9nario d\u0027attaque possible\nserait une page Web construite de mani\u00e8re particuli\u00e8re : la visite de\ncette derni\u00e8re par un navigateur autorisant les contr\u00f4les ActiveX,\npermettrait l\u0027ex\u00e9cution de code sur le syst\u00e8me.\n\nM\u00eame si MSXML n\u0027est pas distribu\u00e9 par d\u00e9faut avec Windows, il est\ninstall\u00e9 avec plusieurs logiciels.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Microsoft XML Core Services",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-071 du 14 novembre 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-071.mspx"
    }
  ]
}

GSD-2006-5745

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-5745

Aliases

CVE-2006-5745

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-5745",
    "description": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",
    "id": "GSD-2006-5745",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2006-5745"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-5745"
      ],
      "details": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",
      "id": "GSD-2006-5745",
      "modified": "2023-12-13T01:19:56.644490Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-5745",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "TA06-318A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "name": "http://xforce.iss.net/xforce/alerts/id/239",
            "refsource": "MISC",
            "url": "http://xforce.iss.net/xforce/alerts/id/239"
          },
          {
            "name": "oval:org.mitre.oval:def:104",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
          },
          {
            "name": "1017157",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017157"
          },
          {
            "name": "2743",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/2743"
          },
          {
            "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
            "refsource": "ISS",
            "url": "http://www.iss.net/threats/239.html"
          },
          {
            "name": "MS06-071",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
          },
          {
            "name": "ADV-2006-4334",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4334"
          },
          {
            "name": "http://blogs.securiteam.com/?p=717",
            "refsource": "MISC",
            "url": "http://blogs.securiteam.com/?p=717"
          },
          {
            "name": "20915",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20915"
          },
          {
            "name": "22687",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22687"
          },
          {
            "name": "ie-xml-http-request-handling(30004)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
          },
          {
            "name": "http://www.microsoft.com/technet/security/advisory/927892.mspx",
            "refsource": "CONFIRM",
            "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
          },
          {
            "name": "VU#585137",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/585137"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5745"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://xforce.iss.net/xforce/alerts/id/239",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://xforce.iss.net/xforce/alerts/id/239"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/927892.mspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
            },
            {
              "name": "http://blogs.securiteam.com/?p=717",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.securiteam.com/?p=717"
            },
            {
              "name": "VU#585137",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/585137"
            },
            {
              "name": "20915",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/20915"
            },
            {
              "name": "1017157",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017157"
            },
            {
              "name": "22687",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22687"
            },
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "20061104 Vulnerability in Microsoft XML HTTP Request Handling",
              "refsource": "ISS",
              "tags": [],
              "url": "http://www.iss.net/threats/239.html"
            },
            {
              "name": "ADV-2006-4334",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/4334"
            },
            {
              "name": "ie-xml-http-request-handling(30004)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
            },
            {
              "name": "2743",
              "refsource": "EXPLOIT-DB",
              "tags": [],
              "url": "https://www.exploit-db.com/exploits/2743"
            },
            {
              "name": "oval:org.mitre.oval:def:104",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
            },
            {
              "name": "MS06-071",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-12T21:41Z",
      "publishedDate": "2006-11-06T18:07Z"
    }
  }
}

GHSA-X5X2-7MMP-555X

Vulnerability from github – Published: 2022-05-01 07:31 – Updated: 2022-05-01 07:31

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-5745"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-11-06T18:07:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.",
  "id": "GHSA-x5x2-7mmp-555x",
  "modified": "2022-05-01T07:31:21Z",
  "published": "2022-05-01T07:31:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-5745"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/2743"
    },
    {
      "type": "WEB",
      "url": "http://blogs.securiteam.com/?p=717"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22687"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017157"
    },
    {
      "type": "WEB",
      "url": "http://www.iss.net/threats/239.html"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/585137"
    },
    {
      "type": "WEB",
      "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20915"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4334"
    },
    {
      "type": "WEB",
      "url": "http://xforce.iss.net/xforce/alerts/id/239"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200611-0102

Vulnerability from variot - Updated: 2023-12-18 10:56

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. Failed exploit attempts will result in a denial-of-service condition. An attacker could exploit this vulnerability by crafting a specially crafted web page that could allow remote code execution if a user visits the web page or clicks a link in an email message. However, user interaction is required to exploit this vulnerability.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

                    National Cyber Alert System

       Technical Cyber Security Alert TA06-318A

Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash

Original release date: November 14, 2006 Last revised: -- Source: US-CERT

Systems Affected

 * Microsoft Windows
 * Microsoft Internet Explorer
 * Adobe Flash

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash.

I. Description

Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash as part of the Microsoft Security Bulletin Summary for November 2006. Microsoft has included updates to Adobe Flash, which is installed with Internet Explorer.

Further information is available in the Vulnerability Notes Database.

II. An attacker may also be able to cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the November 2006 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Note any known issues described in the Bulletins and test for any potentially adverse affects in your environment.

System administrators may wish to consider using Windows Server Update Services (WSUS).

IV. References

 * US-CERT Vulnerability Notes for Microsoft November 2006 updates - 
   <http://www.kb.cert.org/vuls/byid?searchview&query=ms06-nov>

 * Securing Your Web Browser -
   <http://www.us-cert.gov/reading_room/securing_browser/>

 * Microsoft Security Bulletin Summary for November 2006 -
   <http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx>

 * Microsoft Update - <https://update.microsoft.com/microsoftupdate/>

 * Windows Server Update Services -
   <http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA06-318A.html>

 Feedback can be directed to US-CERT Technical Staff. Please send
 email to <cert@cert.org> with "TA06-318A Feedback VU#377369" in
 the subject.

 For instructions on subscribing to or unsubscribing from this
 mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

Produced 2006 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

November 14, 2006: Initial release

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ 4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa bRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ geGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I heEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh Z0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg== =K0Wj -----END PGP SIGNATURE----- .

To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.

The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.

This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links

Read the full description: http://corporate.secunia.com/products/48/?r=l

Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l

TITLE: Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability

SECUNIA ADVISORY ID: SA22687

VERIFY ADVISORY: http://secunia.com/advisories/22687/

CRITICAL: Extremely critical

IMPACT: System access

WHERE:

From remote

OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/

SOFTWARE: Microsoft Core XML Services (MSXML) 4.x http://secunia.com/product/6472/

DESCRIPTION: A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.

The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.

Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.

NOTE: The vulnerability is already being actively exploited.

SOLUTION: Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.

ORIGINAL ADVISORY: Microsoft http://www.microsoft.com/technet/security/advisory/927892.mspx

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200611-0102",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "xml core services",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "xml core service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "4.0"
      },
      {
        "model": "xml core service",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "xml core services",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "microsoft",
        "version": "6.0"
      },
      {
        "model": "storage management appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hp",
        "version": "2.1"
      },
      {
        "model": "s8100 media servers r9",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r8",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r7",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r6",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r12",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r11",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers r10",
        "scope": null,
        "trust": 0.3,
        "vendor": "avaya",
        "version": null
      },
      {
        "model": "s8100 media servers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      },
      {
        "model": "messaging application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2006-5745",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": true,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "High",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.6,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2006-5745",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 4.9,
            "id": "VHN-21853",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-5745",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#585137",
            "trust": 0.8,
            "value": "29.77"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200611-068",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-21853",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information. Failed exploit attempts will result in a denial-of-service condition. An attacker could exploit this vulnerability by crafting a specially crafted web page that could allow remote code execution if a user visits the web page or clicks a link in an email message. However, user interaction is required to exploit this vulnerability. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n                        National Cyber Alert System\n\n\t\t   Technical Cyber Security Alert TA06-318A\n\nMicrosoft Security Updates for Windows, Internet Explorer, and Adobe Flash\n\n   Original release date: November 14, 2006\n   Last revised: --\n   Source: US-CERT\n\n\nSystems Affected\n\n     * Microsoft Windows\n     * Microsoft Internet Explorer\n     * Adobe Flash\n\n\nOverview\n\n   Microsoft has released updates that address critical vulnerabilities\n   in Microsoft Windows, Internet Explorer, and Adobe Flash. \n\nI. Description\n\n   Microsoft has released updates to address vulnerabilities in Microsoft\n   Windows, Internet Explorer, and Adobe Flash as part of the Microsoft\n   Security Bulletin Summary for November 2006. Microsoft has included updates to Adobe Flash, which is\n   installed with Internet Explorer. \n\n   Further information is available in the Vulnerability Notes Database. \n\n\nII. An attacker may also be able to cause a denial of\n   service. \n\n\nIII. Solution\n\nApply updates from Microsoft\n\n   Microsoft has provided updates for these vulnerabilities in the\n   November 2006 Security Bulletins. The Security Bulletins describe any\n   known issues related to the updates. Note any known issues described\n   in the Bulletins and test for any potentially adverse affects in your\n   environment. \n\n   System administrators may wish to consider using Windows Server Update\n   Services (WSUS). \n\n\nIV. References\n\n     * US-CERT Vulnerability Notes for Microsoft November 2006 updates - \n       \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-nov\u003e\n\n     * Securing Your Web Browser -\n       \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n     * Microsoft Security Bulletin Summary for November 2006 -\n       \u003chttp://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx\u003e\n\n     * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate/\u003e\n\n     * Windows Server Update Services -\n       \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n____________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA06-318A.html\u003e\n \n____________________________________________________________________\n\n     Feedback can be directed to US-CERT Technical Staff. Please send\n     email to \u003ccert@cert.org\u003e with \"TA06-318A Feedback VU#377369\" in\n     the subject. \n \n____________________________________________________________________\n\n     For instructions on subscribing to or unsubscribing from this\n     mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n \n____________________________________________________________________\n\n   Produced 2006 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n____________________________________________________________________\n\n\nRevision History\n\n   November 14, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ\n4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa\nbRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ\ngeGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I\nheEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh\nZ0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg==\n=K0Wj\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft XMLHTTP ActiveX Control Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA22687\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22687/\n\nCRITICAL:\nExtremely critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nMicrosoft Windows XP Professional\nhttp://secunia.com/product/22/\nMicrosoft Windows XP Home Edition\nhttp://secunia.com/product/16/\nMicrosoft Windows Server 2003 Web Edition\nhttp://secunia.com/product/1176/\nMicrosoft Windows Server 2003 Standard Edition\nhttp://secunia.com/product/1173/\nMicrosoft Windows Server 2003 Enterprise Edition\nhttp://secunia.com/product/1174/\nMicrosoft Windows Server 2003 Datacenter Edition\nhttp://secunia.com/product/1175/\nMicrosoft Windows 2000 Server\nhttp://secunia.com/product/20/\nMicrosoft Windows 2000 Professional\nhttp://secunia.com/product/1/\nMicrosoft Windows 2000 Datacenter Server\nhttp://secunia.com/product/1177/\nMicrosoft Windows 2000 Advanced Server\nhttp://secunia.com/product/21/\n\nSOFTWARE:\nMicrosoft Core XML Services (MSXML) 4.x\nhttp://secunia.com/product/6472/\n\nDESCRIPTION:\nA vulnerability has been reported in Microsoft XML Core Services,\nwhich can be exploited by malicious people to compromise a users\nsystem. \n\nThe vulnerability is caused due to an unspecified error in the\nXMLHTTP 4.0 ActiveX Control. \n\nSuccessful exploitation allows execution of arbitrary code when a\nuser e.g. visits a malicious website using Internet Explorer. \n\nNOTE: The vulnerability is already being actively exploited. \n\nSOLUTION:\nMicrosoft has recommended various workarounds including setting the\nkill-bit for the affected ActiveX control (see the vendor\u0027s advisory\nfor details). \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft\nhttp://www.microsoft.com/technet/security/advisory/927892.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-21853",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "20915",
        "trust": 3.6
      },
      {
        "db": "SECUNIA",
        "id": "22687",
        "trust": 3.4
      },
      {
        "db": "CERT/CC",
        "id": "VU#585137",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745",
        "trust": 2.8
      },
      {
        "db": "USCERT",
        "id": "TA06-318A",
        "trust": 2.6
      },
      {
        "db": "SECTRACK",
        "id": "1017157",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2743",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-4334",
        "trust": 1.7
      },
      {
        "db": "USCERT",
        "id": "SA06-318A",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068",
        "trust": 0.7
      },
      {
        "db": "MS",
        "id": "MS06-071",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "2743",
        "trust": 0.6
      },
      {
        "db": "OVAL",
        "id": "OVAL:ORG.MITRE.OVAL:DEF:104",
        "trust": 0.6
      },
      {
        "db": "CERT/CC",
        "id": "TA06-318A",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "30004",
        "trust": 0.6
      },
      {
        "db": "ISS",
        "id": "20061104 VULNERABILITY IN MICROSOFT XML HTTP REQUEST HANDLING",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16532",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2753",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2749",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-71046",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-459",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "83032",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "52175",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "51658",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "id": "VAR-200611-0102",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T10:56:18.957000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "927892",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
      },
      {
        "title": "MS06-071",
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx"
      },
      {
        "title": "927892",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/advisory/927892.mspx"
      },
      {
        "title": "MS06-071",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-071.mspx"
      },
      {
        "title": "MS06-071e",
        "trust": 0.8,
        "url": "http://www.microsoft.com/japan/security/bulletins/ms06-071e.mspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.3,
        "url": "http://www.securityfocus.com/bid/20915"
      },
      {
        "trust": 2.9,
        "url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
      },
      {
        "trust": 2.5,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx"
      },
      {
        "trust": 2.5,
        "url": "http://xforce.iss.net/xforce/alerts/id/239"
      },
      {
        "trust": 2.5,
        "url": "http://blogs.securiteam.com/?p=717"
      },
      {
        "trust": 2.5,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-318a.html"
      },
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/585137"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22687/"
      },
      {
        "trust": 1.7,
        "url": "http://www.iss.net/threats/239.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1017157"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/22687"
      },
      {
        "trust": 1.4,
        "url": "http://www.frsirt.com/english/advisories/2006/4334"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/2743"
      },
      {
        "trust": 1.1,
        "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
      },
      {
        "trust": 1.1,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a104"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/4334"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
      },
      {
        "trust": 0.8,
        "url": "http://isc.sans.org/diary.php?storyid=1823"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5745"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2006/at060019.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2006/at060018.txt"
      },
      {
        "trust": 0.8,
        "url": "http://www.jpcert.or.jp/at/2007/at070016.txt"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu%23585137/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnta06-318a/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trta06-318a"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/tr/trvu%23585137/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5745"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/cas/alerts/sa06-318a.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2006/20061105_092738.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cyberpolice.go.jp/important/2006/20061115_072449.html"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/30004"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/2743"
      },
      {
        "trust": 0.6,
        "url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:104"
      },
      {
        "trust": 0.3,
        "url": "http://blogs.pandasoftware.com/blogs/images/pandalabs/2007/05/11/mpack.pdf"
      },
      {
        "trust": 0.3,
        "url": "http://www.microsoft.com/"
      },
      {
        "trust": 0.3,
        "url": "http://support.avaya.com/elmodocs2/security/asa-2006-253.htm"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "https://update.microsoft.com/microsoftupdate/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta06-318a.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-nov\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1173/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/22/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/products/48/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/21/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1174/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1176/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1175/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/6472/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1177/"
      },
      {
        "trust": 0.1,
        "url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/20/"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-05T00:00:00",
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "date": "2006-11-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "date": "2006-11-03T00:00:00",
        "db": "BID",
        "id": "20915"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "date": "2006-11-16T16:02:41",
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "date": "2006-11-06T05:09:25",
        "db": "PACKETSTORM",
        "id": "51658"
      },
      {
        "date": "2006-11-06T18:07:00",
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "date": "2006-11-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-11-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#585137"
      },
      {
        "date": "2018-10-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21853"
      },
      {
        "date": "2007-05-15T20:48:00",
        "db": "BID",
        "id": "20915"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000756"
      },
      {
        "date": "2018-10-12T21:41:43.373000",
        "db": "NVD",
        "id": "CVE-2006-5745"
      },
      {
        "date": "2008-12-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "52175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft XML Core Services XMLHTTP ActiveX control vulnerability",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#585137"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "20915"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200611-068"
      }
    ],
    "trust": 0.9
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-5745 (GCVE-0-2006-5745)

FKIE_CVE-2006-5745

CERTA-2006-AVI-500

Description

Solution

CERTA-2006-AVI-500

Description

Solution

GSD-2006-5745

GHSA-X5X2-7MMP-555X

VAR-200611-0102

Tags

Sightings

Nomenclature