RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network IPS, Proventia Desktop, RealSecure Desktop, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:
This signature detects a Microsoft XML HTTP ActiveX memory corruption and code execution exploit.
High
RealSecure Server Sensor: XPU 24.50, RealSecure Network: XPU 24.50, BlackICE PC Protection: 3.6cpv, BlackICE Server Protection: 3.6.cpv, Proventia Network MFS: XPU 1.89, IBM Security Server Protection for Windows: 1.0.914.1900, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Network IDS: XPU 24.50, Proventia-G 1.1 and earlier: XPU 24.50, Proventia Network IPS: XPU 1.89, Proventia Desktop: 1900, RealSecure Desktop: epv, Proventia Server IPS for Linux technology: 1.89, Virtual Server Protection for VMware: 1.0
Microsoft XML Core Services: 4.0, Microsoft XML Core Services: 6.0
Unauthorized Access Attempt
Microsoft Internet Explorer could allow a remote attacker to execute code on a victim's system, caused by an unspecified vulnerability in the Microsoft XML Core Services XMLHTTP ActiveX control. A remote attacker could exploit this vulnerability to execute arbitrary code on a victim's system, if the attacker could persuade the victim to visit a Web page containing a malicious XMLHTTP ActiveX control.
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-071. See References.
Internet Security Systems Protection Alert November 4, 2006
Vulnerability in Microsoft XML HTTP Request Handling
http://xforce.iss.net/xforce/alerts/id/239
Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/927892.mspx
US-CERT Vulnerability Note VU#585137
Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
http://www.kb.cert.org/vuls/id/585137
SA22687
Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/22687/
Microsoft Security Bulletin MS06-071
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx
Microsoft Security Bulletin MS07-042
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx
Offensive Security Exploit Database [05-11-2012]
PHP 5.4 (5.4.3) Code Execution (Win32)
http://www.exploit-db.com/exploits/18861/
ISS X-Force
Microsoft XMLHTTP ActiveX control code execution
http://www.iss.net/security_center/static/30004.php
CVE
CVE-2006-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5745