7.6

CVE-2006-5745

Exploit

EPSS 87.27%
Veröffentlicht 06.11.2006 18:07:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 17

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Xml Core Services Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	87.27%	0.994

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA06-318A.html

US Government Resource

http://blogs.securiteam.com/?p=717

http://secunia.com/advisories/22687

Vendor Advisory

http://securitytracker.com/id?1017157

http://www.iss.net/threats/239.html

http://www.kb.cert.org/vuls/id/585137

US Government Resource

http://www.microsoft.com/technet/security/advisory/927892.mspx

http://www.securityfocus.com/bid/20915

Exploit

http://www.vupen.com/english/advisories/2006/4334

http://xforce.iss.net/xforce/alerts/id/239

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071

https://exchange.xforce.ibmcloud.com/vulnerabilities/30004

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104

https://www.exploit-db.com/exploits/2743

https://nvd.nist.gov/vuln/detail/CVE-2006-5745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5745

EUVD