Executive Summary
Summary | |
---|---|
Title | Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution |
Information | |||
---|---|---|---|
Name | KB927892 | First vendor Publication | 2006-11-03 |
Vendor | Microsoft | Last vendor Modification | 2006-11-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.6 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-071 to address this issue. For more information about this issue, including download links for an available security update, please review MS06-071. The vulnerability addressed is the Microsoft XML Core Services Vulnerability - CVE-2006-5745. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/927892.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:104 | |||
Oval ID: | oval:org.mitre.oval:def:104 | ||
Title: | Microsoft XML Core Services Vulnerability | ||
Description: | Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-5745 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft XML Core Services |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30208 | Microsoft XMLHTTP ActiveX Control setRequestHeader Method Arbitrary Code Exec... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | XMLHTTP 4.0 ActiveX clsid unicode access RuleID : 8728 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access RuleID : 8727 - Revision : 17 - Type : BROWSER-PLUGINS |
2014-01-10 | ActiveX clsid unicode access RuleID : 8406 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer ActiveX clsid access RuleID : 8405 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Core XML core services XMLHTTP control open method code execution a... RuleID : 16090 - Revision : 11 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-11-14 | Name : Arbitrary code can be executed on the remote host through the web or email cl... File : smb_nt_ms06-071.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 12:20:22 |