Microsoft XMLHTTP ActiveX control code execution (HTML_MSXML_Memory_Corruption)

About this signature or vulnerability

RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Server Protection, IBM Security Server Protection for Windows, Proventia Network MFS, Proventia Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, RealSecure Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects a Microsoft XML HTTP ActiveX memory corruption and code execution exploit.


Default risk level

High

Sensors that have this signature

RealSecure Server Sensor: XPU 24.50, RealSecure Network: XPU 24.50, BlackICE PC Protection: 3.6cpv, BlackICE Server Protection: 3.6.cpv, IBM Security Server Protection for Windows: 1.0.914.1900, Proventia Network MFS: XPU 1.89, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Desktop: 1900, Proventia Network IDS: XPU 24.50, Proventia-G 1.1 and earlier: XPU 24.50, RealSecure Desktop: epv, Proventia Network IPS: XPU 1.89, Proventia Server IPS for Linux technology: 1.89, Virtual Server Protection for VMware: 1.0

Systems affected

Microsoft XML Core Services: 4.0, Microsoft XML Core Services: 6.0

Type

Unauthorized Access Attempt

Vulnerability description

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a victim's system because of an unspecified vulnerability in the Microsoft XML Core Services XMLHTTP ActiveX control. To exploit this vulnerability, the attacker would have to persuade the victim to visit a Web page containing a malicious XMLHTTP ActiveX control.

How to remove this vulnerability

Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS06-071. See References.

References

Internet Security Systems Protection Alert November 4, 2006
Vulnerability in Microsoft XML HTTP Request Handling
http://xforce.iss.net/xforce/alerts/id/239

Microsoft Security Advisory (927892)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/927892.mspx

US-CERT Vulnerability Note VU#585137
Microsoft XML Core Services XMLHTTP ActiveX control vulnerability
http://www.kb.cert.org/vuls/id/585137

SA22687
Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
http://secunia.com/advisories/22687/

Microsoft Security Bulletin MS06-071
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
http://www.microsoft.com/technet/security/bulletin/ms06-071.mspx

Microsoft Security Bulletin MS07-042
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx

ISS X-Force
Microsoft XMLHTTP ActiveX control code execution
http://www.iss.net/security_center/static/30004.php

CVE
CVE-2006-5745
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5745