CVE-2006-4661

AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:N/I:P/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/21809
http://securityreason.com/securityalert/1523
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510	Vendor Advisory
http://www.securityfocus.com/archive/1/445515/100/0/threaded
http://www.securityfocus.com/bid/19900
http://www.vupen.com/english/advisories/2006/3528
https://exchange.xforce.ibmcloud.com/vulnerabilities/28814

Configurations

Configuration 1 (hide)

cpe:2.3:a:icq_inc:icq_toolbar:1.3_for_internet_explorer:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-09-09 00:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-4661

Mitre link : CVE-2006-4661

CVE.ORG link : CVE-2006-4661

JSON object : View

Products Affected

icq_inc

icq_toolbar

CWE

NVD-CWE-Other

{"id": "CVE-2006-4661", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-09-09T00:04:00.000", "references": [{"url": "http://secunia.com/advisories/21809", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1523", "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/445515/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/19900", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/3528", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28814", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar."}, {"lang": "es", "value": "AOL ICQ Toolbar 1.3 para Internet Explorer (toolbaru.dll)no valida adecuadamente el origen de la configuraci\u00f3n de la p\u00e1gina web (options2.html), lo cual permite que un atacante remoto con la complicidad del usuario proveer una p\u00e1gina web que contengan botones de chequeo disfrazados que enga\u00f1an al usuario en la configuraci\u00f3n de nuevo de la barra de herramientas."}], "lastModified": "2018-10-17T21:38:56.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:icq_inc:icq_toolbar:1.3_for_internet_explorer:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B074A0-C0A0-48F5-88CD-80EF81E57AD4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}