CVE-2006-4685
published 2006-10-10CVE-2006-4685: The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows…
low2.6CVSS 3.1
AVNACHAuNCPINAN
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | xml_core_services | — | — |
| microsoft | xml_core_services | — | — |
| microsoft | xml_core_services | — | — |
| microsoft | xml_parser | — | — |
CVSS provenance
nvd7.6HIGHAV:N/AC:H/Au:N/C:C/I:C/A:C
vulncheck2.6LOW