CVE-2006-1626 Information

Description

Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.

Reference

http://secunia.com/advisories/19521 http://secunia.com/Internet_Explorer_Address_Bar_Spoofing_Vulnerability_Test/ http://securitytracker.com/id?1016291 http://www.securityfocus.com/archive/1/429719/100/0/threaded http://www.securityfocus.com/archive/1/429891/100/0/threaded http://www.securityfocus.com/archive/1/440851/100/100/threaded http://www.securityfocus.com/bid/17404 http://www.vupen.com/english/advisories/2006/1218 http://www.vupen.com/english/advisories/2006/2319 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-021 https://exchange.xforce.ibmcloud.com/vulnerabilities/25634 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1600 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1604 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1806 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1842 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1881 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1918