var-200611-0102
Vulnerability from variot
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. Failed exploit attempts will result in a denial-of-service condition. An attacker could exploit this vulnerability by crafting a specially crafted web page that could allow remote code execution if a user visits the web page or clicks a link in an email message. However, user interaction is required to exploit this vulnerability.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-318A
Microsoft Security Updates for Windows, Internet Explorer, and Adobe Flash
Original release date: November 14, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Explorer
* Adobe Flash
Overview
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash.
I. Description
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, and Adobe Flash as part of the Microsoft Security Bulletin Summary for November 2006. Microsoft has included updates to Adobe Flash, which is installed with Internet Explorer.
Further information is available in the Vulnerability Notes Database.
II. An attacker may also be able to cause a denial of service.
III. Solution
Apply updates from Microsoft
Microsoft has provided updates for these vulnerabilities in the November 2006 Security Bulletins. The Security Bulletins describe any known issues related to the updates. Note any known issues described in the Bulletins and test for any potentially adverse affects in your environment.
System administrators may wish to consider using Windows Server Update Services (WSUS).
IV. References
* US-CERT Vulnerability Notes for Microsoft November 2006 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-nov>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/>
* Microsoft Security Bulletin Summary for November 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-318A.html>
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@cert.org> with "TA06-318A Feedback VU#377369" in
the subject.
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
November 14, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ 4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa bRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ geGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I heEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh Z0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg== =K0Wj -----END PGP SIGNATURE----- .
To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German.
The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios.
This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links
Read the full description: http://corporate.secunia.com/products/48/?r=l
Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l
TITLE: Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
SECUNIA ADVISORY ID: SA22687
VERIFY ADVISORY: http://secunia.com/advisories/22687/
CRITICAL: Extremely critical
IMPACT: System access
WHERE:
From remote
OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/
SOFTWARE: Microsoft Core XML Services (MSXML) 4.x http://secunia.com/product/6472/
DESCRIPTION: A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a users system.
The vulnerability is caused due to an unspecified error in the XMLHTTP 4.0 ActiveX Control.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website using Internet Explorer.
NOTE: The vulnerability is already being actively exploited.
SOLUTION: Microsoft has recommended various workarounds including setting the kill-bit for the affected ActiveX control (see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Discovered as a 0-day.
ORIGINAL ADVISORY: Microsoft http://www.microsoft.com/technet/security/advisory/927892.mspx
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200611-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xml core services",
"scope": "eq",
"trust": 1.9,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": "xml core service",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "4.0"
},
{
"model": "xml core service",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "xml core services",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "storage management appliance",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.1"
},
{
"model": "s8100 media servers r9",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers r8",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers r7",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers r6",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers r12",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers r11",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers r10",
"scope": null,
"trust": 0.3,
"vendor": "avaya",
"version": null
},
{
"model": "s8100 media servers",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
},
{
"model": "messaging application server",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#585137"
},
{
"db": "BID",
"id": "20915"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:xml_core_services:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5745"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
],
"trust": 0.6
},
"cve": "CVE-2006-5745",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2006-5745",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 4.9,
"id": "VHN-21853",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-5745",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#585137",
"trust": 0.8,
"value": "29.77"
},
{
"author": "CNNVD",
"id": "CNNVD-200611-068",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-21853",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#585137"
},
{
"db": "VULHUB",
"id": "VHN-21853"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. Failed exploit attempts will result in a denial-of-service condition. An attacker could exploit this vulnerability by crafting a specially crafted web page that could allow remote code execution if a user visits the web page or clicks a link in an email message. However, user interaction is required to exploit this vulnerability. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n\t\t Technical Cyber Security Alert TA06-318A\n\nMicrosoft Security Updates for Windows, Internet Explorer, and Adobe Flash\n\n Original release date: November 14, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Explorer\n * Adobe Flash\n\n\nOverview\n\n Microsoft has released updates that address critical vulnerabilities\n in Microsoft Windows, Internet Explorer, and Adobe Flash. \n\nI. Description\n\n Microsoft has released updates to address vulnerabilities in Microsoft\n Windows, Internet Explorer, and Adobe Flash as part of the Microsoft\n Security Bulletin Summary for November 2006. Microsoft has included updates to Adobe Flash, which is\n installed with Internet Explorer. \n\n Further information is available in the Vulnerability Notes Database. \n\n\nII. An attacker may also be able to cause a denial of\n service. \n\n\nIII. Solution\n\nApply updates from Microsoft\n\n Microsoft has provided updates for these vulnerabilities in the\n November 2006 Security Bulletins. The Security Bulletins describe any\n known issues related to the updates. Note any known issues described\n in the Bulletins and test for any potentially adverse affects in your\n environment. \n\n System administrators may wish to consider using Windows Server Update\n Services (WSUS). \n\n\nIV. References\n\n * US-CERT Vulnerability Notes for Microsoft November 2006 updates - \n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-nov\u003e\n\n * Securing Your Web Browser -\n \u003chttp://www.us-cert.gov/reading_room/securing_browser/\u003e\n\n * Microsoft Security Bulletin Summary for November 2006 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx\u003e\n\n * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate/\u003e\n\n * Windows Server Update Services -\n \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-318A.html\u003e\n \n____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-318A Feedback VU#377369\" in\n the subject. \n \n____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n \n____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n____________________________________________________________________\n\n\nRevision History\n\n November 14, 2006: Initial release\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRVpHwexOF3G+ig+rAQLUEAf9FSKBHOCuPIRuJYJYgY9th7ZRtNdxsWWQ\n4ulkdZVv3P682sQEtF6glpLN1h+YHA1oF93uLp6T+7FKlxP1MYrxRPP5p1nH+fCa\nbRmVxUSATuDrxaTZmJWcJcL8zvaNTqkkDBCpG8GN32OCwgE40xNJRsKiv2UuIAYJ\ngeGl8mK5PGb4Sr0Bjlw2n5fbcKkjoJXYmkxV3CXzvpPrtS1fIq0rZ19sRB4+Jw3I\nheEM7rKGMo3N4OUEYTpt2yW1Mpj2zVyWo2O8PWJmuMZq1lCsECrvTvfk4/q3s4Yh\nZ0l6F4Ps6L2D5PkNkg08EgxvbiPHYI8B8VZ1SlitvOcKiVOggyxYrg==\n=K0Wj\n-----END PGP SIGNATURE-----\n. \n\n----------------------------------------------------------------------\n\nTo improve our services to our customers, we have made a number of\nadditions to the Secunia Advisories and have started translating the\nadvisories to German. \n\nThe improvements will help our customers to get a better\nunderstanding of how we reached our conclusions, how it was rated,\nour thoughts on exploitation, attack vectors, and scenarios. \n\nThis includes:\n* Reason for rating\n* Extended description\n* Extended solution\n* Exploit code or links to exploit code\n* Deep links\n\nRead the full description:\nhttp://corporate.secunia.com/products/48/?r=l\n\nContact Secunia Sales for more information:\nhttp://corporate.secunia.com/how_to_buy/15/?r=l\n\n----------------------------------------------------------------------\n\nTITLE:\nMicrosoft XMLHTTP ActiveX Control Code Execution Vulnerability\n\nSECUNIA ADVISORY ID:\nSA22687\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/22687/\n\nCRITICAL:\nExtremely critical\n\nIMPACT:\nSystem access\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nMicrosoft Windows XP Professional\nhttp://secunia.com/product/22/\nMicrosoft Windows XP Home Edition\nhttp://secunia.com/product/16/\nMicrosoft Windows Server 2003 Web Edition\nhttp://secunia.com/product/1176/\nMicrosoft Windows Server 2003 Standard Edition\nhttp://secunia.com/product/1173/\nMicrosoft Windows Server 2003 Enterprise Edition\nhttp://secunia.com/product/1174/\nMicrosoft Windows Server 2003 Datacenter Edition\nhttp://secunia.com/product/1175/\nMicrosoft Windows 2000 Server\nhttp://secunia.com/product/20/\nMicrosoft Windows 2000 Professional\nhttp://secunia.com/product/1/\nMicrosoft Windows 2000 Datacenter Server\nhttp://secunia.com/product/1177/\nMicrosoft Windows 2000 Advanced Server\nhttp://secunia.com/product/21/\n\nSOFTWARE:\nMicrosoft Core XML Services (MSXML) 4.x\nhttp://secunia.com/product/6472/\n\nDESCRIPTION:\nA vulnerability has been reported in Microsoft XML Core Services,\nwhich can be exploited by malicious people to compromise a users\nsystem. \n\nThe vulnerability is caused due to an unspecified error in the\nXMLHTTP 4.0 ActiveX Control. \n\nSuccessful exploitation allows execution of arbitrary code when a\nuser e.g. visits a malicious website using Internet Explorer. \n\nNOTE: The vulnerability is already being actively exploited. \n\nSOLUTION:\nMicrosoft has recommended various workarounds including setting the\nkill-bit for the affected ActiveX control (see the vendor\u0027s advisory\nfor details). \n\nPROVIDED AND/OR DISCOVERED BY:\nDiscovered as a 0-day. \n\nORIGINAL ADVISORY:\nMicrosoft\nhttp://www.microsoft.com/technet/security/advisory/927892.mspx\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"db": "CERT/CC",
"id": "VU#585137"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"db": "BID",
"id": "20915"
},
{
"db": "VULHUB",
"id": "VHN-21853"
},
{
"db": "PACKETSTORM",
"id": "52175"
},
{
"db": "PACKETSTORM",
"id": "51658"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-21853",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21853"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "20915",
"trust": 3.6
},
{
"db": "SECUNIA",
"id": "22687",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#585137",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2006-5745",
"trust": 2.8
},
{
"db": "USCERT",
"id": "TA06-318A",
"trust": 2.6
},
{
"db": "SECTRACK",
"id": "1017157",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "2743",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-4334",
"trust": 1.7
},
{
"db": "USCERT",
"id": "SA06-318A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068",
"trust": 0.7
},
{
"db": "MS",
"id": "MS06-071",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "2743",
"trust": 0.6
},
{
"db": "OVAL",
"id": "OVAL:ORG.MITRE.OVAL:DEF:104",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "TA06-318A",
"trust": 0.6
},
{
"db": "XF",
"id": "30004",
"trust": 0.6
},
{
"db": "ISS",
"id": "20061104 VULNERABILITY IN MICROSOFT XML HTTP REQUEST HANDLING",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "16532",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2753",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "2749",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71046",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-459",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "83032",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-21853",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "52175",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "51658",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#585137"
},
{
"db": "VULHUB",
"id": "VHN-21853"
},
{
"db": "BID",
"id": "20915"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"db": "PACKETSTORM",
"id": "52175"
},
{
"db": "PACKETSTORM",
"id": "51658"
},
{
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"id": "VAR-200611-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21853"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T10:56:18.957000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "927892",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
},
{
"title": "MS06-071",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx"
},
{
"title": "927892",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/advisory/927892.mspx"
},
{
"title": "MS06-071",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-071.mspx"
},
{
"title": "MS06-071e",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/security/bulletins/ms06-071e.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5745"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.securityfocus.com/bid/20915"
},
{
"trust": 2.9,
"url": "http://www.microsoft.com/technet/security/advisory/927892.mspx"
},
{
"trust": 2.5,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx"
},
{
"trust": 2.5,
"url": "http://xforce.iss.net/xforce/alerts/id/239"
},
{
"trust": 2.5,
"url": "http://blogs.securiteam.com/?p=717"
},
{
"trust": 2.5,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-318a.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/585137"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22687/"
},
{
"trust": 1.7,
"url": "http://www.iss.net/threats/239.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1017157"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/22687"
},
{
"trust": 1.4,
"url": "http://www.frsirt.com/english/advisories/2006/4334"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/2743"
},
{
"trust": 1.1,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071"
},
{
"trust": 1.1,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a104"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/4334"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30004"
},
{
"trust": 0.8,
"url": "http://isc.sans.org/diary.php?storyid=1823"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5745"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2006/at060019.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2006/at060018.txt"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2007/at070016.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu%23585137/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-318a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-318a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trvu%23585137/index.html"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-5745"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa06-318a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20061105_092738.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20061115_072449.html"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/30004"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/2743"
},
{
"trust": 0.6,
"url": "http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:104"
},
{
"trust": 0.3,
"url": "http://blogs.pandasoftware.com/blogs/images/pandalabs/2007/05/11/mpack.pdf"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/"
},
{
"trust": 0.3,
"url": "http://support.avaya.com/elmodocs2/security/asa-2006-253.htm"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx\u003e"
},
{
"trust": 0.1,
"url": "https://update.microsoft.com/microsoftupdate/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-318a.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-nov\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1173/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/22/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/products/48/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/21/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1174/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1176/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1175/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6472/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1177/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/how_to_buy/15/?r=l"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/20/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#585137"
},
{
"db": "VULHUB",
"id": "VHN-21853"
},
{
"db": "BID",
"id": "20915"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"db": "PACKETSTORM",
"id": "52175"
},
{
"db": "PACKETSTORM",
"id": "51658"
},
{
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#585137"
},
{
"db": "VULHUB",
"id": "VHN-21853"
},
{
"db": "BID",
"id": "20915"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"db": "PACKETSTORM",
"id": "52175"
},
{
"db": "PACKETSTORM",
"id": "51658"
},
{
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-05T00:00:00",
"db": "CERT/CC",
"id": "VU#585137"
},
{
"date": "2006-11-06T00:00:00",
"db": "VULHUB",
"id": "VHN-21853"
},
{
"date": "2006-11-03T00:00:00",
"db": "BID",
"id": "20915"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"date": "2006-11-16T16:02:41",
"db": "PACKETSTORM",
"id": "52175"
},
{
"date": "2006-11-06T05:09:25",
"db": "PACKETSTORM",
"id": "51658"
},
{
"date": "2006-11-06T18:07:00",
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"date": "2006-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-14T00:00:00",
"db": "CERT/CC",
"id": "VU#585137"
},
{
"date": "2018-10-12T00:00:00",
"db": "VULHUB",
"id": "VHN-21853"
},
{
"date": "2007-05-15T20:48:00",
"db": "BID",
"id": "20915"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000756"
},
{
"date": "2018-10-12T21:41:43.373000",
"db": "NVD",
"id": "CVE-2006-5745"
},
{
"date": "2008-12-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "52175"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft XML Core Services XMLHTTP ActiveX control vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#585137"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "20915"
},
{
"db": "CNNVD",
"id": "CNNVD-200611-068"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.