CVE-2006-5745

EXPLOITED

Microsoft XML Core Services 4.0 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2006-5745 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 5 public exploits from researchers including Metasploit, M03, ~Fyodor, including a Metasploit module exploits/windows/browser/ms06_071_xml_core.

AI-analyzed exploit summary This is a Metasploit module exploiting CVE-2006-5745, a code execution vulnerability in Microsoft XML Core Services via the XMLHTTP ActiveX control. It uses a heap spray technique to achieve remote code execution on vulnerable systems.

Description

Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. NOTE: some of these details are obtained from third party information.

Exploits (5)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16532

This is a Metasploit module exploiting CVE-2006-5745, a code execution vulnerability in Microsoft XML Core Services via the XMLHTTP ActiveX control. It uses a heap spray technique to achieve remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft XML Core Services 4.0 SP2 with Internet Explorer 6
No auth needed
Prerequisites: Vulnerable version of Microsoft XML Core Services · Internet Explorer with ActiveX enabled
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by M03 · cremotewindows
https://www.exploit-db.com/exploits/2753

This exploit targets a vulnerability in Microsoft Internet Explorer 6/7 (XML Core Services) to achieve remote code execution. It generates an HTML file with malicious JavaScript that triggers a heap spray and shellcode execution when loaded in a vulnerable browser.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Internet Explorer 6/7 (XML Core Services) on Windows XP/2000
No auth needed
Prerequisites: Vulnerable version of Internet Explorer 6/7 · User interaction to visit malicious HTML file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by ~Fyodor · htmlremotewindows
https://www.exploit-db.com/exploits/2749

This exploit leverages a heap spray technique to trigger a vulnerability in Microsoft XML Core Services (MSXML) via a malformed `setRequestHeader` call, leading to arbitrary code execution. The payload is a classic heap spray with NOP sleds and shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft XML Core Services (MSXML) 4.0
No auth needed
Prerequisites: Victim must visit a malicious webpage · Vulnerable version of MSXML installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · htmlremotewindows
https://www.exploit-db.com/exploits/2743

This exploit targets a vulnerability in Microsoft XML Core Services (MSXML) in Internet Explorer 6/7. It uses a heap spray technique to achieve remote code execution by triggering a memory corruption via malformed arguments to the `open` and `setRequestHeader` methods of the `XMLHTTP` object.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft XML Core Services (MSXML) in Internet Explorer 6/7
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer 6/7
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms06_071_xml_core.rb

This Metasploit module exploits a code execution vulnerability in Microsoft XML Core Services via the XMLHTTP ActiveX control. It uses a heap spray technique to achieve remote code execution on vulnerable systems.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft XML Core Services 4.0 SP2
No auth needed
Prerequisites: Victim must visit a malicious webpage · Microsoft XML Core Services 4.0 SP2 must be installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (14)

Core 14
Core References
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
Vendor Advisory x_refsource_misc
http://xforce.iss.net/xforce/alerts/id/239
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A104
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017157
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2743
Third Party Advisory third-party-advisory x_refsource_iss
http://www.iss.net/threats/239.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4334
Various Sources x_refsource_misc
http://blogs.securiteam.com/?p=717
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20915
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22687
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30004
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/585137

Scores

EPSS 0.8631
EPSS Percentile 99.4%

Details

VulnCheck KEV 2006-11-14
Status published
Products (1)
microsoft/xml_core_services 4.0
Published Nov 06, 2006
Tracked Since Feb 18, 2026