CVE-2006-5745
CVE-2006-5745
Vexday Risk Score
82Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 75.9%KEV nãoPoC públicaNuclei —Metasploit simPatch referenciado
Lifecycle
10 Oct 2006Metasploit module available
06 Nov 2006Published on NVD
10 Nov 2006Public PoC
Weaponization speed
3 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Patch as soon as possible — active exploitation confirmed.
Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.
Affected products
n/a · n/apublic PoCs found — 4
exploitdbwww.exploit-db.com/exploits/16532unverifiedcve_referencewww.exploit-db.com/exploits/2743unverifiedexploitdbwww.exploit-db.com/exploits/2749unverifiedexploitdbwww.exploit-db.com/exploits/2753unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://blogs.securiteam.com/?p=717https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-071http://secunia.com/advisories/22687http://securitytracker.com/id?1017157https://exchange.xforce.ibmcloud.com/vulnerabilities/30004https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104https://www.exploit-db.com/exploits/2743http://www.iss.net/threats/239.htmlhttp://www.kb.cert.org/vuls/id/585137http://www.microsoft.com/technet/security/advisory/927892.mspxhttp://www.securityfocus.com/bid/20915http://www.us-cert.gov/cas/techalerts/TA06-318A.html