CVE-2006-4685

3 documents3 sources

Severity

2.6LOW

EPSS

55.4%

top 1.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft XML Core Services Microsoft XML Parser

Timeline

PublishedOct 10

Latest updateMay 1

Description

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.

CVSS vector

AV:N/AC:H/C:P/I:N/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/xml_core_services3.0, 4.0, 6.0+2

▶NVDmicrosoft/xml_parser2.6

🔴Vulnerability Details

GHSA

GHSA-9w44-mcv5-p9qh: The XMLHTTP ActiveX control in Microsoft XML Parser 2↗2022-05-01

▶

CVEList

CVE-2006-4685: The XMLHTTP ActiveX control in Microsoft XML Parser 2↗2006-10-10

▶