Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data.
A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a user loads a web page that calls the setRequestHeader method with invalid parameters.
Apply the patch referenced in Microsoft Security Bulletin 06-071.
The exploit works on Internet Explorer 6 with Microsoft XML Core Services 4.0 Service Pack 2.
Successful exploitation requires a user to load the exploit page into Internet Explorer. There may be a delay before the exploit succeeds due to the large amount of memory required.