Vulnerability Name:

CVE-2005-2274 (CCN-21100)

Assigned:2005-06-21
Published:2005-06-21
Updated:2021-07-23
Summary:Microsoft Internet Explorer 6.0 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-2272

Source: MITRE
Type: CNA
CVE-2005-2274

Source: CCN
Type: SA15474
Safari Dialog Origin Spoofing Vulnerability

Source: CCN
Type: SA15491
Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability

Source: SECUNIA
Type: Exploit, Vendor Advisory
15491

Source: CCN
Type: SA15492
Internet Explorer for Mac Dialog Origin Spoofing Vulnerability

Source: SECUNIA
Type: Vendor Advisory
15492

Source: CCN
Type: SA17813
Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: MISC
Type: Exploit
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

Source: CCN
Type: Secunia Research Advisory 21/06/2005
Internet Explorer Dialog Origin Spoofing Vulnerability

Source: MISC
Type: Vendor Advisory
http://secunia.com/secunia_research/2005-9/advisory/

Source: CCN
Type: SECTRACK ID: 1015294
Apple Safari WebKit Buffer Overflow May Let Remote Users Execute Arbitrary Code and Other Bugs May Permit JavaScript Dialog Box Spoofing and File Download Location Modification

Source: CCN
Type: Microsoft Security Advisory (902333)
Browser Windows Without Indications of Their Origins may be Used in Phishing Attempts

Source: MISC
Type: Vendor Advisory
http://www.microsoft.com/technet/security/advisory/902333.mspx

Source: CCN
Type: OSVDB ID: 17397
Mozilla Multiple Browser Javascript Dialog Origin Spoofing

Source: CCN
Type: OSVDB ID: 21275
Apple Safari JavaScript Dialog Box Spoofing

Source: CCN
Type: OSVDB ID: 79192
Microsoft IE Javascript Dialog Origin Spoofing

Source: CCN
Type: OSVDB ID: 79193
Apple Safari Javascript Dialog Origin Spoofing

Source: CCN
Type: BID-14011
Apple Safari Dialog Box Origin Spoofing Vulnerability

Source: XF
Type: UNKNOWN
ie-popup-obtain-information(21100)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:microsoft:ie:*:*:*:*:*:*:*:*
  • OR cpe:/a:apple:safari:2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft internet explorer 6.0
    microsoft ie *
    apple safari 2.0