Microsoft Core XML services contain a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when the XMLHTTP ActiveX control incorrectly handles a server-side redirect, i.e via a specially crafted web page, which can disclose certain information and compromise the affected system.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Security Tracker: 1017033
• CVE ID: 2006-4685 (see also: NVD)
• Bugtraq ID: 20339
• OVAL ID: 221
• Secunia Advisory ID: 22333
• ISS X-Force ID: 29206
• Metasploit ID: 29425
• Related OSVDB ID: 29426
• CERT VU: 547212
• Microsoft Knowledge Base Article: 924191
• VUPEN Advisory: ADV-2006-3980
• Vendor URL: http://www.microsoft.com/en-us/default.aspx
• Microsoft Security Bulletin: MS06-061

• Not Available