7.6
CVE-2006-5745
- EPSS 75.95%
- Veröffentlicht 06.11.2006 18:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:46
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Xml Core Services Version4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 75.95% | 0.995 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://blogs.securiteam.com/?p=717
http://secunia.com/advisories/22687
http://securitytracker.com/id?1017157
http://www.iss.net/threats/239.html
http://www.kb.cert.org/vuls/id/585137
http://www.microsoft.com/technet/security/advisory/927892.mspx
http://www.securityfocus.com/bid/20915
http://www.vupen.com/english/advisories/2006/4334
http://xforce.iss.net/xforce/alerts/id/239
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
https://www.exploit-db.com/exploits/2743