7.6

CVE-2006-5745

Exploit
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftXml Core Services Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 75.95% 0.995
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.6 4.9 10
AV:N/AC:H/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
US Government Resource
http://blogs.securiteam.com/?p=717
http://secunia.com/advisories/22687
Vendor Advisory
http://securitytracker.com/id?1017157
http://www.iss.net/threats/239.html
http://www.kb.cert.org/vuls/id/585137
US Government Resource
http://www.microsoft.com/technet/security/advisory/927892.mspx
http://www.securityfocus.com/bid/20915
Exploit
http://www.vupen.com/english/advisories/2006/4334
http://xforce.iss.net/xforce/alerts/id/239
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
https://www.exploit-db.com/exploits/2743