Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

2006-11-17T00:00:00
ID SAINT:2F35619AB23838DCA1AE81FBD0887DD8
Type saint
Reporter SAINT Corporation
Modified 2006-11-17T00:00:00

Description

Added: 11/17/2006
CVE: CVE-2006-5745
BID: 20915
OSVDB: 30208

Background

Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data.

Problem

A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a user loads a web page which calls the setRequestHeader method with invalid parameters.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 06-071.

References

<http://www.kb.cert.org/vuls/id/585137>

Limitations

Exploit works on Internet Explorer 6 with Microsoft XML Core Services 4.0 Service Pack 2.

Successful exploitation requires a user to load the exploit page into Internet Explorer. There may be a delay before the exploit succeeds due to the large amount of memory required.

Platforms

Windows