CVE-2006-4685

CVE Database · CVE-2006-4685

CVE-2006-4685

· N/AModified

CVSS v3.1

N/A

EPSS

19.56%

Published

Oct 10, 2006

Modified

Apr 22, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.

Affected Products (4)

microsoft · xml_core_servicesvulnerable

microsoft · xml_parservulnerable

References (18)

http://secunia.com/advisories/22333

http://securitytracker.com/id?1017033

http://www.kb.cert.org/vuls/id/547212

US Government Resource

http://www.osvdb.org/29425

http://www.securityfocus.com/archive/1/449179/100/0/threaded

http://www.securityfocus.com/bid/20339

http://www.vupen.com/english/advisories/2006/3980

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-061

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A221

http://secunia.com/advisories/22333

http://securitytracker.com/id?1017033

KEV Catalog EPSS Scores Vendors All CVEs