CVE-2006-1192

Microsoft Internet Explorer <6 - CSRF

Title source: llm

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.

Exploits (1)

exploitdb WORKING POC

htmldoswindows

https://www.exploit-db.com/exploits/1838

View Code ZIP pw:eip

References (12)

[Patch, Vendor Advisory] http://secunia.com/advisories/18957

[Patch] http://securitytracker.com/id?1015899

[Patch] http://www.securityfocus.com/bid/17460

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1318

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-013

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/25557

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1336

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1498

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1645

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1725

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1740

[Third Party Advisory] http://securityreason.com/securityalert/670

Scores

EPSS 0.3014

EPSS Percentile 96.7%

Details

CWE

CWE-20

Status published

Products (4)

canon/network_camera_server_vb101

microsoft/ie 5.01 windows_2000_sp4

microsoft/ie 6 (6 CPE variants)

microsoft/internet_explorer 6 sp1

Published Apr 11, 2006

Tracked Since Feb 18, 2026