Executive Summary

Summary
Title Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Informations
Name KB927892 First vendor Publication 2006-11-03
Vendor Microsoft Last vendor Modification 2006-11-14
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.6 Attack Range Network
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-071 to address this issue. For more information about this issue, including download links for an available security update, please review MS06-071. The vulnerability addressed is the Microsoft XML Core Services Vulnerability - CVE-2006-5745.


Original Source

Url : http://www.microsoft.com/technet/security/advisory/927892.mspx

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:104
 
Oval ID: oval:org.mitre.oval:def:104
Title: Microsoft XML Core Services Vulnerability
Description: Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2006-5745
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft XML Core Services
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

SAINT Exploits

Description Link
Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability More info here

Open Source Vulnerability Database (OSVDB)

Id Description
30208 Microsoft XMLHTTP ActiveX Control setRequestHeader Method Arbitrary Code Exec...

Snort® IPS/IDS

Date Description
2014-01-10 XMLHTTP 4.0 ActiveX clsid unicode access
RuleID : 8728 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer XMLHTTP 4.0 ActiveX clsid access
RuleID : 8727 - Revision : 17 - Type : BROWSER-PLUGINS
2014-01-10 ActiveX clsid unicode access
RuleID : 8406 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer ActiveX clsid access
RuleID : 8405 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Core XML core services XMLHTTP control open method code execution a...
RuleID : 16090 - Revision : 11 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2006-11-14 Name : Arbitrary code can be executed on the remote host through the web or email cl...
File : smb_nt_ms06-071.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-05-11 12:20:22
  • Multiple Updates