Executive Summary
| Informations | |||
|---|---|---|---|
| Name | MS06-071 | First vendor Publication | 2006-11-14 |
| Vendor | Microsoft | Last vendor Modification | 2006-11-14 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.6 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A remote code execution vulnerability exists in the Microsoft XML Core Services (MSXML) implementation in Microsoft Windows. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx?pubDate=2 (...) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:104 | |||
| Oval ID: | oval:org.mitre.oval:def:104 | ||
| Title: | Microsoft XML Core Services Vulnerability | ||
| Description: | Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-5745 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft XML Core Services |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-07-03 | Internet Explorer XML Core Services HTTP Request Handling |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 30208 | Microsoft XMLHTTP ActiveX Control setRequestHeader Method Arbitrary Code Exec... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | XMLHTTP 4.0 ActiveX clsid unicode access RuleID : 8728 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access RuleID : 8727 - Revision : 17 - Type : BROWSER-PLUGINS |
| 2014-01-10 | ActiveX clsid unicode access RuleID : 8406 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer ActiveX clsid access RuleID : 8405 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Core XML core services XMLHTTP control open method code execution a... RuleID : 16090 - Revision : 11 - Type : BROWSER-PLUGINS |
Metasploit Database
| id | Description |
|---|---|
| 2006-10-10 | MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2012-10-30 | Name : The remote Windows host contains unsupported XML parsers. File : ms_msxml_unsupported.nasl - Type : ACT_GATHER_INFO |
| 2006-11-14 | Name : Arbitrary code can be executed on the remote host through the web or email cl... File : smb_nt_ms06-071.nasl - Type : ACT_GATHER_INFO |
| 2006-10-10 | Name : Arbitrary code can be executed on the remote host through the web or email cl... File : smb_nt_ms06-061.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2020-05-23 13:17:12 |
|
| 2014-04-01 14:39:30 |
|
| 2014-02-17 11:45:32 |
|
| 2014-01-19 21:30:02 |
|
