7.6

CVE-2006-5745

Exploit

EPSS 87.27%
Published 06.11.2006 18:07:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685.  NOTE: some of these details are obtained from third party information.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Xml Core Services Version4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	87.27%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.6	4.9	10	AV:N/AC:H/Au:N/C:C/I:C/A:C

http://www.us-cert.gov/cas/techalerts/TA06-318A.html

US Government Resource

http://blogs.securiteam.com/?p=717

http://secunia.com/advisories/22687

Vendor Advisory

http://securitytracker.com/id?1017157

http://www.iss.net/threats/239.html

http://www.kb.cert.org/vuls/id/585137

US Government Resource

http://www.microsoft.com/technet/security/advisory/927892.mspx

http://www.securityfocus.com/bid/20915

Exploit

http://www.vupen.com/english/advisories/2006/4334

http://xforce.iss.net/xforce/alerts/id/239

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071

https://exchange.xforce.ibmcloud.com/vulnerabilities/30004

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104

https://www.exploit-db.com/exploits/2743

https://nvd.nist.gov/vuln/detail/CVE-2006-5745

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-5745

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-5745

EUVD