QwikSec

Security Database

CVE

CWE

Training

CVE-2006-2094

Published: Apr 29, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_VUPEN

20060426 Internet Explorer User Interface Races, Redeux

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_OSVDB

http://student.missouristate.edu/m/matthew007/advisories.asp?adv=2006-02

x_refsource_MISC

20060427 PoC for Internet Explorer Modal Dialog Issue

mailing-list

x_refsource_FULLDISC

ie-modal-dialog-code-execution(26111)

vdb-entry

x_refsource_XF

20060427 PoC for Internet Explorer Modal Dialog Issue

mailing-list

x_refsource_VULNWATCH

http://www.squarefree.com/2004/07/01/race-conditions-in-security-dialogs/

x_refsource_MISC

20040407 Race conditions in security dialogs

mailing-list

x_refsource_FULLDISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.