CVE-2006-5745 | Vulnerability Database | Aqua Security

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.

Affected Software

Name	Vendor	Start Version	End Version
Xml_core_services	Microsoft	4.0 (including)	4.0 (including)

References

http://blogs.securiteam.com/?p=717
http://secunia.com/advisories/22687
http://securitytracker.com/id?1017157
http://www.iss.net/threats/239.html
http://www.kb.cert.org/vuls/id/585137
http://www.microsoft.com/technet/security/advisory/927892.mspx
http://www.securityfocus.com/bid/20915
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://www.vupen.com/english/advisories/2006/4334
http://xforce.iss.net/xforce/alerts/id/239
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071
https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
https://www.exploit-db.com/exploits/2743

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-5745
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html