Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-5745

8 documents5 sources

Severity

7.6HIGH

EPSS

87.4%

top 0.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft XML Core Services

Timeline

PublishedNov 6

Latest updateMay 1

Description

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/xml_core_services4.0

🔴Vulnerability Details

GHSA

GHSA-x5x2-7mmp-555x: Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4↗2022-05-01

▶

CVEList

CVE-2006-5745: Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4↗2006-11-06

▶

VulnCheck

Microsoft XML Core Services Vulnerability↗2006

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Internet Explorer - XML Core Services HTTP Request Handling (MS06-071) (Metasploit)↗2010-07-03

▶

Exploit-DB

Microsoft Internet Explorer 6/7 - XML Core Services Remote Code Execution (2)↗2006-11-10

▶

Exploit-DB

Microsoft Internet Explorer 6/7 - XML Core Services Remote Code Execution (3)↗2006-11-10

▶

Exploit-DB

Microsoft Internet Explorer 6/7 - XML Core Services Remote Code Execution (1)↗2006-11-08

▶