Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-2094
Last Modified 27 Sep 2011 12:00:00
Published 29 Apr 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2094

Summary

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

Vulnerable Systems

Application

  • Microsoft IE 5

  • Microsoft IE 5.0

  • Microsoft IE 5.0.1

  • Microsoft IE 5.5

  • Microsoft IE 6.0

  • Microsoft IE 7.0


References

XF - ie-modal-dialog-code-execution(26111)

VUPEN - ADV-2006-1559

MISC - http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/

BID - 17713

OSVDB - 22351

MISC - http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02

SECTRACK - 1015720

FULLDISC - 20060427 PoC for Internet Explorer Modal Dialog Issue

FULLDISC - 20060426 Internet Explorer User Interface Races, Redeux

FULLDISC - 20040407 Race conditions in security dialogs


Last Updated: 27 May 2016 10:42:20