CVE-2006-5745

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.

Published: Nov 6, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-5745
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / xml_core_services	4.0	4.0.x

http://blogs.securiteam.com/?p=717
http://secunia.com/advisories/22687
http://securitytracker.com/id?1017157
http://www.iss.net/threats/239.html
http://www.kb.cert.org/vuls/id/585137
http://www.microsoft.com/technet/security/advisory/927892.mspx
http://www.securityfocus.com/bid/20915
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://www.vupen.com/english/advisories/2006/4334
http://xforce.iss.net/xforce/alerts/id/239
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
https://www.exploit-db.com/exploits/2743

Vulnerability Database

289,599

CVE-2006-5745