Status Tracking Note TRVU#585137

Microsoft XML Core Services XMLHTTP ActiveX control vulnerability

Overview

The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Event Information

Date (UTC)Description
2006-11-15 05:56 JPCERT/CC
JPCERT-AT-2006-0018: Microsoft XML Core Services vulnerability
Update notification of Microsoft XML Core Services vulnerability
2006-11-14 Microsoft
Microsoft Security Advisory (927892): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-071 to address this issue.
2006-11-14 Microsoft
MS06-071: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
This update addresses several newly discovered, privately and publicly reported vulnerabilities.
2006-11-08 20:40 Symantec
ThreatCON (1) => (2)
2006-11-08 15:40 Internet Security Systems
AlertCon (2) => (1)
2006-11-08
MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit
a proof-of-concept code for this vulnerability (VU#585137)
#Cid: 20915.html
2006-11-06 07:57 JPCERT/CC
JPCERT-AT-2006-0018: Microsoft XML Core Services vulnerability
2006-11-06 02:00 US-CERT
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
US-CERT is investigating reports of a vulnerability found in the XMLHTTP 4.0 ActiveX Control, which is a part of the Microsoft XML Core Services 4.0 on Windows. Microsoft and ISS are reporting limited attacks attempting to use this vulnerability. By persuading a user with Internet Explorer to view a specially crafted HTML document (malicious website), a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with the privileges of the user.
2006-11-05 14:13 US-CERT
VU#585137: Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
2006-11-04 23:19 SANS Internet Storm Center
Microsoft Security Advisory (927892)
Microsoft published an advisory yesterday regarding a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows.
2006-11-04 00:50 Internet Security Systems
AlertCon (1) => (2)
2006-11-03 Internet Security Systems
Vulnerability in Microsoft XML HTTP Request Handling
2006-11-03 Microsoft
Microsoft Security Advisory (927892): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.


Date first published (UTC): 2006-11-15T21:51+00:00
Date last updated (UTC): 2006-11-15T21:51+00:00