Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-2094

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

Published

2006-04-29T10:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

4.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-362

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	microsoft	ie	5	Yes
Application	microsoft	ie	5.0	Yes
Application	microsoft	ie	5.0	Yes
Application	microsoft	ie	5.0	Yes
Application	microsoft	ie	5.0.1	Yes
Application	microsoft	ie	5.0.1	Yes
Application	microsoft	ie	5.0.1	Yes
Application	microsoft	ie	5.0.1	Yes
Application	microsoft	ie	6.0	Yes
Application	microsoft	ie	6.0	Yes
Application	microsoft	internet_explorer	5.0	Yes
Application	microsoft	internet_explorer	5.0.1	Yes
Application	microsoft	internet_explorer	5.0.1	Yes
Application	microsoft	internet_explorer	5.0.1	Yes
Application	microsoft	internet_explorer	5.0.1	Yes
Application	microsoft	internet_explorer	5.0.1	Yes
Application	microsoft	internet_explorer	5.5	Yes
Application	microsoft	internet_explorer	5.5	Yes
Application	microsoft	internet_explorer	5.5	Yes
Application	microsoft	internet_explorer	5.5	Yes
Application	microsoft	internet_explorer	6.0	Yes
Application	microsoft	internet_explorer	7.0	Yes
Application	microsoft	internet_explorer	7.0	Yes

References

http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html ([email protected])
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html ([email protected])
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html ([email protected])
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html ([email protected])
http://securitytracker.com/id?1015720 ([email protected])
http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 Vendor Advisory ([email protected])
http://www.osvdb.org/22351 ([email protected])
http://www.securityfocus.com/bid/17713 Exploit ([email protected])
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ ([email protected])
http://www.vupen.com/english/advisories/2006/1559 Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/26111 ([email protected])
http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0264.html (af854a3a-2127-422b-91ae-364da2661108)
http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html (af854a3a-2127-422b-91ae-364da2661108)
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0019.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045589.html (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1015720 (af854a3a-2127-422b-91ae-364da2661108)
http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/22351 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/17713 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/1559 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26111 (af854a3a-2127-422b-91ae-364da2661108)