Lucene search

[email protected]CVE-2006-2094

HistoryApr 29, 2006 - 10:02 a.m.

CVE-2006-2094

2006-04-2910:02:00

CWE-362

[email protected]

web.nvd.nist.gov

microsoft ie

internet explorer

windows xp

windows server 2003

security settings

activex

remote attack

race condition

nvd

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.406 Medium

EPSS

Percentile

97.3%

JSON

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a “Yes” approval for executing the control.

Affected configurations

NVD

Node

microsoftieMatch5windows_nt_4.0

microsoftieMatch5.0windows_2000

microsoftieMatch5.0windows_95

microsoftieMatch5.0windows_98

microsoftieMatch5.0.1windows_2000

microsoftieMatch5.0.1windows_95

microsoftieMatch5.0.1windows_98

microsoftieMatch5.0.1windows_nt_4.0

microsoftieMatch6.0sp1

microsoftieMatch6.0sp2

microsoftinternet_explorerMatch5.0

microsoftinternet_explorerMatch5.0.1

microsoftinternet_explorerMatch5.0.1sp1

microsoftinternet_explorerMatch5.0.1sp2

microsoftinternet_explorerMatch5.0.1sp3

microsoftinternet_explorerMatch5.0.1sp4

microsoftinternet_explorerMatch5.5

microsoftinternet_explorerMatch5.5preview

microsoftinternet_explorerMatch5.5sp1

microsoftinternet_explorerMatch5.5sp2

microsoftinternet_explorerMatch6.0

microsoftinternet_explorerMatch7.0beta1

microsoftinternet_explorerMatch7.0beta2

CPENameOperatorVersion
microsoft:iemicrosoft ieeq5
microsoft:iemicrosoft ieeq5.0
microsoft:iemicrosoft ieeq5.0.1
microsoft:iemicrosoft ieeq6.0
microsoft:internet_explorermicrosoft internet explorereq5.0
microsoft:internet_explorermicrosoft internet explorereq5.0.1
microsoft:internet_explorermicrosoft internet explorereq5.5
microsoft:internet_explorermicrosoft internet explorereq6.0
microsoft:internet_explorermicrosoft internet explorereq7.0

CPE	Name	Operator	Version
microsoft:ie	microsoft ie	eq	5
microsoft:ie	microsoft ie	eq	5.0
microsoft:ie	microsoft ie	eq	5.0.1
microsoft:ie	microsoft ie	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	5.0
microsoft:internet_explorer	microsoft internet explorer	eq	5.0.1
microsoft:internet_explorer	microsoft internet explorer	eq	5.5
microsoft:internet_explorer	microsoft internet explorer	eq	6.0
microsoft:internet_explorer	microsoft internet explorer	eq	7.0

References

archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html

archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html

archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html

lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html

securitytracker.com/id?1015720

student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02

www.osvdb.org/22351

www.securityfocus.com/bid/17713

www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/

www.vupen.com/english/advisories/2006/1559

exchange.xforce.ibmcloud.com/vulnerabilities/26111

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

6.6 Medium

AI Score

Confidence

High

0.406 Medium

EPSS

Percentile

97.3%

JSON

Related for CVE-2006-2094

cvelist1 nvd1 prion1