Microsoft XML Core Services XMLHTTP ActiveX Control Server-side Redirect Information Disclosure

2006-10-10T16:04:36
ID OSVDB:29425
Type osvdb
Reporter OSVDB
Modified 2006-10-10T16:04:36

Description

Vulnerability Description

Microsoft XML Core Services contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the XMLHTTP ActiveX control incorrectly handles a server-side redirect, i.e., via a specially crafted web page, which can disclose certain information and compromise the affected system.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Security Tracker: 1017033
Secunia Advisory ID: 22333
Related OSVDB ID: 29426
Microsoft Security Bulletin: MS06-061
Microsoft Knowledge Base Article: 924191
ISS X-Force ID: 29206
CVE-2006-4685
CERT VU: 547212