| Vulnerability Name: | CVE-2006-2384 (CCN-26777) | ||||||||||||||||||||||||||||
| Assigned: | 2006-06-13 | ||||||||||||||||||||||||||||
| Published: | 2006-06-13 | ||||||||||||||||||||||||||||
| Updated: | 2021-07-23 | ||||||||||||||||||||||||||||
| Summary: | Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2006-2384 Source: CCN Type: SA20595 Microsoft Internet Explorer Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 20595 Source: CCN Type: SECTRACK ID: 1016291 Microsoft Internet Explorer Multiple Memory and Access Control Errors Let Remote Users Execute Arbitrary Code Source: SECTRACK Type: UNKNOWN 1016291 Source: CCN Type: ASA-2006-126 Windows Security Updates for June 2006 - (MS06-021 - MS06-032) Source: CCN Type: Microsoft Security Bulletin MS06-021 Cumulative Security Update for Internet Explorer (916281) Source: CCN Type: Microsoft Security Bulletin MS06-042 Cumulative Security Update for Internet Explorer (918899) Source: CCN Type: Microsoft Security Bulletin MS06-067 Cumulative Security Update for Internet Explorer (922760) Source: CCN Type: Microsoft Security Bulletin MS06-072 Cumulative Security Update for Internet Explorer (925454) Source: CCN Type: Microsoft Security Bulletin MS07-016 Cumulative Security Update for Internet Explorer (928090) Source: CCN Type: Microsoft Security Bulletin MS07-027 Cumulative Security Update for Internet Explorer (931768) Source: CCN Type: Microsoft Security Bulletin MS07-033 Cumulative Security Update for Internet Explorer (933566) Source: CCN Type: Microsoft Security Bulletin MS07-045 Cumulative Security Update for Internet Explorer (937143) Source: CCN Type: Microsoft Security Bulletin MS07-057 Cumulative Security Update for Internet Explorer (939653) Source: CCN Type: Microsoft Security Bulletin MS07-069 Cumulative Security Update for Internet Explorer (942615) Source: CCN Type: Microsoft Security Bulletin MS08-010 Cumulative Security Update for Internet Explorer (944533) Source: CCN Type: Microsoft Security Bulletin MS08-024 Cumulative Security Update for Internet Explorer (947864) Source: CCN Type: Microsoft Security Bulletin MS08-031 Cumulative Security Update for Internet Explorer (950759) Source: CCN Type: Microsoft Security Bulletin MS08-045 Cumulative Security Update for Internet Explorer (953838) Source: CCN Type: Microsoft Security Bulletin MS08-058 Cumulative Security Update for Internet Explorer (956390) Source: OSVDB Type: UNKNOWN 26445 Source: CCN Type: OSVDB ID: 26445 Microsoft IE Modal Browser Window Address Bar Spoofing Source: BID Type: UNKNOWN 18321 Source: CCN Type: BID-18321 Microsoft Internet Explorer Persistent Modal Dialog Window Address Bar Spoofing Vulnerability Source: VUPEN Type: UNKNOWN ADV-2006-2319 Source: MS Type: UNKNOWN MS06-021 Source: XF Type: UNKNOWN ie-address-bar-spoof(26777) Source: XF Type: UNKNOWN ie-address-bar-spoof(26777) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1478 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1567 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1646 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1686 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1775 Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1788 | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||