Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1192Improper Input Validation in Microsoft IE

CWE-20Improper Input Validation4 documents4 sources
Severity
2.6LOWNVD
EPSS
30.1%
top 3.32%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Microsoft IEMicrosoft Internet Explorer
Timeline
PublishedApr 11
Latest updateMay 1

Description

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

NVDmicrosoft/ie5.01, 6+1

Patches

Patch: secunia.comPatch: securitytracker.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-5jjp-qvmw-c36p: Microsoft Internet Explorer 52022-05-01
CVEList
CVE-2006-1192: Microsoft Internet Explorer 52006-04-11

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer - HTML Tag Memory Corruption (MS06-013)2006-05-27
CVE-2006-1192 — Improper Input Validation in Microsoft | cvebase