Vulnerability CVE-2006-2094 - CERT Civis.Net

Vulnerability Name:

CVE-2006-2094 (CCN-26111)

Assigned:

2006-04-26

Published:

2006-04-26

Updated:

2021-07-23

Summary:

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

CVSS v3 Severity:

5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: FULLDISC
Type: UNKNOWN
20040407 Race conditions in security dialogs

Source: CCN
Type: Full-Disclosure Mailing List, Wed Apr 26 2006 - 17:09:19 CDT
Internet Explorer User Interface Races, Redeux

Source: FULLDISC
Type: UNKNOWN
20060426 Internet Explorer User Interface Races, Redeux

Source: CCN
Type: Full-Disclosure Mailing List, Thu Apr 27 2006 - 07:37:54 CDT
PoC for Internet Explorer Modal Dialog Issue

Source: VULNWATCH
Type: UNKNOWN
20060427 PoC for Internet Explorer Modal Dialog Issue

Source: MITRE
Type: CNA
CVE-2006-2094

Source: FULLDISC
Type: UNKNOWN
20060427 PoC for Internet Explorer Modal Dialog Issue

Source: CCN
Type: SECTRACK ID: 1015720
Microsoft Internet Explorer Modal Security Dialog Race Condition May Let Remote Users Install Code or Obtain Information

Source: SECTRACK
Type: UNKNOWN
1015720

Source: MISC
Type: Vendor Advisory
http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02

Source: OSVDB
Type: UNKNOWN
22351

Source: CCN
Type: OSVDB ID: 22351
Microsoft IE Modal Security Dialog Race Condition

Source: BID
Type: Exploit
17713

Source: CCN
Type: BID-17713
Microsoft Internet Explorer Modal Dialog Manipulation Vulnerability

Source: MISC
Type: UNKNOWN
http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/

Source: VUPEN
Type: Vendor Advisory
ADV-2006-1559

Source: CCN
Type: ISS X-Force Database
Microsoft Internet Explorer download dialog box code execution

Source: XF
Type: UNKNOWN
ie-modal-dialog-code-execution(26111)

Source: XF
Type: UNKNOWN
ie-modal-dialog-code-execution(26111)

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:ie:5.0.1:*:windows_95:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0.1:*:windows_98:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0.1:*:windows_nt_4.0:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0:*:windows_98:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:7.0:beta1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0.1:*:windows_2000:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0:*:windows_2000:*:*:*:*:*

OR cpe:/a:microsoft:ie:5.0:*:windows_95:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:5:*:windows_nt_4.0:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:preview:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:7.0:beta2:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*

OR cpe:/a:microsoft:ie:6.0:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*

AND

cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2000:-:sp4:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

Denotes that component is vulnerable