Vulnerability Details : CVE-2006-5745

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
Vulnerability category: Memory CorruptionExecute code
Published 2006-11-06 18:07:00
Updated 2018-10-12 21:41:43
Source MITRE
View at NVD,
At least one public exploit which can be used to exploit this vulnerability exists!

Exploit prediction scoring system (EPSS) score for CVE-2006-5745

Probability of exploitation activity in the next 30 days: 97.39%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2006-5745

  • MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling
    Disclosure Date : 2006-10-10
    This module exploits a code execution vulnerability in Microsoft XML Core Services which exists in the XMLHTTP ActiveX control. This module is the modified version of - credit to str0ke. This module has been successfully tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6 + Microsoft XML Core Services 4.0 SP2. Authors: - Trirat Puttaraksa <[email protected]>

CVSS scores for CVE-2006-5745

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]

References for CVE-2006-5745

Products affected by CVE-2006-5745

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!