Status Tracking Note TRVU#585137

Microsoft XML Core Services XMLHTTP ActiveX control vulnerability

The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Event Information

Date (UTC)	Description
2006-11-15 05:56	JPCERT/CC JPCERT-AT-2006-0018: Microsoft XML Core Services vulnerability Update notification of Microsoft XML Core Services vulnerability
2006-11-14	Microsoft Microsoft Security Advisory (927892): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-071 to address this issue.
2006-11-14	Microsoft MS06-071: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) This update addresses several newly discovered, privately and publicly reported vulnerabilities.
2006-11-08 20:40	Symantec ThreatCON (1) => (2)
2006-11-08 15:40	Internet Security Systems AlertCon (2) => (1)
2006-11-08	MS Internet Explorer 6/7 (XML Core Services) Remote Code Execution Exploit a proof-of-concept code for this vulnerability (VU#585137) #Cid: 20915.html
2006-11-06 07:57	JPCERT/CC JPCERT-AT-2006-0018: Microsoft XML Core Services vulnerability
2006-11-06 02:00	US-CERT Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution US-CERT is investigating reports of a vulnerability found in the XMLHTTP 4.0 ActiveX Control, which is a part of the Microsoft XML Core Services 4.0 on Windows. Microsoft and ISS are reporting limited attacks attempting to use this vulnerability. By persuading a user with Internet Explorer to view a specially crafted HTML document (malicious website), a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system with the privileges of the user.
2006-11-05 14:13	US-CERT VU#585137: Microsoft XML Core Services XMLHTTP ActiveX control vulnerability The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
2006-11-04 23:19	SANS Internet Storm Center Microsoft Security Advisory (927892) Microsoft published an advisory yesterday regarding a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows.
2006-11-04 00:50	Internet Security Systems AlertCon (1) => (2)
2006-11-03	Internet Security Systems Vulnerability in Microsoft XML HTTP Request Handling
2006-11-03	Microsoft Microsoft Security Advisory (927892): Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution Microsoft is investigating public reports of a vulnerability in the XMLHTTP 4.0 ActiveX Control, part of Microsoft XML Core Services 4.0 on Windows. We are aware of limited attacks that are attempting to use the reported vulnerability.


Date first published (UTC):	2006-11-15T21:51+00:00
Date last updated (UTC):	2006-11-15T21:51+00:00