CVE-2006-5745

CVE-2006-5745 describes a memory-corruption vulnerability in the XMLHTTP ActiveX Control (MSXML4) used by Internet Explorer on Windows, enabling remote code execution when an attacker crafts arguments to setRequestHeader in the XMLHTTP 4.0 control. The issue affects Microsoft XML Core Services 4....

Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations

Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services MSXML allow...

CVE-2006-4685

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains...

MSXML 6.0 RTM Security Update (KB927977)

A vulnerability exists in the XMLHTTP ActiveX control within Microsoft XML Core Services that could allow for remote code execution...