CVE-2006-1191

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 through 6

Description The issue allows remote attackers to obtain sensitive cross-domain information and spoof sites by running script after the user has navigated to another site. This is due to the way Internet Explorer handles navigation methods, which can lead to information disclosure if a user visits a malicious Web site or views a specially crafted e-mail message. An attacker who successfully exploits this could read cookies or other data from another Internet Explorer domain, but user interaction is required.

Recommendations For Microsoft Internet Explorer versions 5.01 through 6, consider restricting access to sensitive information and avoiding the use of potentially vulnerable navigation methods until a fix is available. As a temporary workaround, users should be cautious when navigating to different sites and avoid interacting with suspicious Web pages or e-mail messages.