PT-2006-3074 · Microsoft · Activex+3

Jesse Ruderman · Published 2006-04-29 · Updated 2021-07-23 · CVE-2006-2094

CVSS v2.0: 5.1 Medium · Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions prior to Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1

Description: The issue allows remote attackers to construct a race condition, tricking a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing an ActiveX control. This occurs when "Prompt" is configured in Security Settings and modal dialogs are used to verify user intentions.

Recommendations: For Microsoft Internet Explorer versions prior to Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, update to Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 to resolve the issue.

Exploit

Fix

Race Condition

Weakness Enumeration

Related Identifiers

CVE-2006-2094

Affected Products

ActiveX
Internet Explorer
Windows Server 2003
Windows XP