CVE-2006-4685

Summary (CVE-2006-4685) The XMLHTTP ActiveX control in MSXML/MSXML Core Services (versions 2.6, 3.0–6.0) incorrectly handles server-side redirects, enabling remote, user-assisted access to content from other domains. This information-disclosure vulnerability can let an attacker read cookies or da...

CVE-2006-4686

CVE-2006-4686 is a Web-exploitable vulnerability in the XSLT processing of Microsoft XML Core Services (MSXML) 2.6 and MSXML Core Services 3.0–6.0 . The issue is a buffer overflow in the XSLT component that could allow a remote attacker to execute arbitrary code by convincing a user to view a cra...