Vulnerability in N/a
CVE-2006-4685
The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
EPSS: 0.554 (98.1th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
References
- 22333 (x_refsource_SECUNIA, third-party-advisory)
- VU#547212 (x_refsource_CERT-VN, third-party-advisory)
- MS06-061 (x_refsource_MS, vendor-advisory)
- oval:org.mitre.oval:def:221 (signature, x_refsource_OVAL, vdb-entry)
- 20339 (vdb-entry, x_refsource_BID)
- SSRT061264 (x_refsource_HP, vendor-advisory)
- 1017033 (vdb-entry, x_refsource_SECTRACK)
- 29425 (x_refsource_OSVDB, vdb-entry)
- ADV-2006-3980 (vdb-entry, x_refsource_VUPEN)