Microsoft XMLHTTP ActiveX control setRequestHeader vulnerability

Added: 11/17/2006
CVE: CVE-2006-5745
BID: 20915
OSVDB: 30208

Background

Microsoft XML Core Services includes the XMLHTTP ActiveX control, which allows web pages to send and receive XML data.

Problem

A memory corruption vulnerability in the XMLHTTP ActiveX control allows command execution when a user loads a web page that calls the setRequestHeader method with invalid parameters.

Resolution

Apply the patch referenced in Microsoft Security Bulletin MS06-071.

References

http://www.kb.cert.org/vuls/id/585137

Limitations

The exploit works on Internet Explorer 6 with Microsoft XML Core Services 4.0 Service Pack 2.

Successful exploitation requires a user to load the exploit page into Internet Explorer. There may be a delay before the exploit succeeds due to the large amount of memory required.

Platforms

Windows
