===================================================================== CERT-Renater Note d'Information No. 2006/VULN526 _____________________________________________________________________ DATE : 15/11/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Microsoft XML Core Services. ====================================================================== MS06-071 - Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088) Affected Software: - Microsoft XML Core Services 4.0 - Microsoft XML Core Services 6.0 Full MS06-071 Advisory: - http://www.microsoft.com/technet/security/Bulletin/MS06-071.mspx Vulerability Details: Microsoft XML Core Services Vulnerability: CVE-2006-5745 A vulnerability exists in the XMLHTTP ActiveX control within Microsoft XML Core Services that could allow for remote code execution. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited that page or clicked a link in an e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================