Vulnerability Name:

CVE-2006-1192 (CCN-25557)

Assigned: 2006-04-11
Published: 2006-04-11
Updated: 2021-07-23
Summary: Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability."
Note: this is a different vulnerability than CVE-2006-1626.
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
1.9 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-20
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2006-1192

Source: CCN
Type: SA18957
Internet Explorer Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
18957

Source: SREASON
Type: UNKNOWN
670

Source: CCN
Type: SECTRACK ID: 1015899
Microsoft Internet Explorer Lets Remote Users Spoof the Address Bar URL

Source: SECTRACK
Type: Patch
1015899

Source: CCN
Type: ASA-2006-079
Windows Security Updates for April 2006 - (MS06-013 - MS06-017)

Source: CCN
Type: Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)

Source: CCN
Type: Microsoft Security Bulletin MS06-021
Cumulative Security Update for Internet Explorer (916281)

Source: CCN
Type: Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)

Source: CCN
Type: Microsoft Security Bulletin MS06-067
Cumulative Security Update for Internet Explorer (922760)

Source: CCN
Type: Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)

Source: CCN
Type: Microsoft Security Bulletin MS07-016
Cumulative Security Update for Internet Explorer (928090)

Source: CCN
Type: Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)

Source: CCN
Type: Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)

Source: CCN
Type: Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)

Source: CCN
Type: Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)

Source: CCN
Type: Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)

Source: CCN
Type: Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)

Source: CCN
Type: Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)

Source: CCN
Type: Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)

Source: CCN
Type: Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)

Source: CCN
Type: Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)

Source: BID
Type: Patch
17460

Source: CCN
Type: BID-17460
Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA06-101A
Microsoft Windows and Internet Explorer Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1318

Source: CCN
Type: Internet Security Systems Protection Alert - April 11, 2006
Cumulative Security Update for Internet Explorer

Source: MS
Type: UNKNOWN
MS06-013

Source: XF
Type: UNKNOWN
ie-browser-window-spoofing(25557)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1336

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1498

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1645

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1725

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1740

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_server_2003_sp1_itanium_systems:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*
  • OR cpe:/h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:1336 | V | IE6 Address Bar Spoofing Vulnerability (Win2K/XP,SP1) | 2014-02-24
    oval:org.mitre.oval:def:1740 | V | IE5 Address Bar Spoofing Vulnerability (Win2K) | 2014-02-24
    oval:org.mitre.oval:def:1498 | V | IE6 Address Bar Spoofing Vulnerability (Server 2003) | 2011-05-16
    oval:org.mitre.oval:def:1645 | V | IE6 Address Bar Spoofing Vulnerability (WinXP) | 2011-05-16
    oval:org.mitre.oval:def:1725 | V | IE6 Address Bar Spoofing Vulnerability (Server 2003,SP1) | 2011-05-16
    microsoft ie 6
    microsoft internet explorer 6 sp1
    microsoft ie 6 windows_server_2003_sp1
    microsoft ie 6 windows_server_2003_sp1_itanium_systems
    microsoft ie 6 sp1
    microsoft ie 6 windows_2000_sp4
    microsoft ie 5.01 windows_2000_sp4
    microsoft ie 6 windows_xp_sp2
    canon network camera server vb101 *
    microsoft ie 6.0
    microsoft ie 6.0 sp1
    microsoft ie 5.01 sp4
    microsoft windows xp - sp1
    microsoft windows 2000 - sp4
    microsoft windows 2003_server
    microsoft windows xp sp2
    microsoft windows 2003 server -
    microsoft windows 2003_server sp1
    microsoft windows 2003_server sp1_itanium