Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1626: Improper Input Validation in Microsoft Internet Explorer

Severity
4.3 MEDIUM NVD
NVD 2.6
EPSS
52.3%
top 2.06%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Apr 5
Latest update: May 1

Description

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 2 packages

NVD: microsoft/ie 5.01, 6 +1

🔴 Vulnerability Details

2
GHSA
GHSA-5jjp-qvmw-c36p: Microsoft Internet Explorer 5 (2022-05-01)
GHSA
GHSA-wpcm-5rf2-mrhv: Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-openin (2022-05-01)

💥 Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5 - Address Bar Spoofing (2006-04-03)