module

MS06-071 Microsoft Internet Explorer XML Core Services HTTP Request Handling

Try Surface Command
Back to search
Disclosed
2006-10-10
Created
2018-05-30

Description

This module exploits a code execution vulnerability in Microsoft XML Core Services which
exists in the XMLHTTP ActiveX control. This module is the modified version of
http://www.milw0rm.com/exploits/2743 - credit to str0ke. This module has been successfully
tested on Windows 2000 SP4, Windows XP SP2, Windows 2003 Server SP0 with IE6
+ Microsoft XML Core Services 4.0 SP2.

Author

Trirat Puttaraksa trir00t@gmail.com

Platform

Windows

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


    msf > use exploit/windows/browser/ms06_071_xml_core
    msf exploit(ms06_071_xml_core) > show targets
        ...targets...
    msf exploit(ms06_071_xml_core) > set TARGET < target-id >
    msf exploit(ms06_071_xml_core) > show options
        ...show and set options...
    msf exploit(ms06_071_xml_core) > exploit
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today