7.1 High
AI Score
Confidence
Low
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:xml_core_services | microsoft xml core services | eq | 4.0 |
blogs.securiteam.com/?p=717
secunia.com/advisories/22687
securitytracker.com/id?1017157
www.iss.net/threats/239.html
www.kb.cert.org/vuls/id/585137
www.microsoft.com/technet/security/advisory/927892.mspx
www.securityfocus.com/bid/20915
www.us-cert.gov/cas/techalerts/TA06-318A.html
www.vupen.com/english/advisories/2006/4334
xforce.iss.net/xforce/alerts/id/239
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
exchange.xforce.ibmcloud.com/vulnerabilities/30004
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
www.exploit-db.com/exploits/2743