cvelistv5 - cve-2006-2900

CVE-2006-2900 (GCVE-0-2006-2900)

Vulnerability from cvelistv5 – Published: 2006-06-07 16:00 – Updated: 2024-08-07 18:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GHSA-Q95H-8XHW-CCXP

Vulnerability from github – Published: 2022-05-01 07:03 – Updated: 2022-05-01 07:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-07T16:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.",
  "id": "GHSA-q95h-8xhw-ccxp",
  "modified": "2022-05-01T07:03:44Z",
  "published": "2022-05-01T07:03:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2900"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20449"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1059"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18308"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2161"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2006-2900

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2900

Aliases

CVE-2006-2900

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2900",
    "description": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.",
    "id": "GSD-2006-2900"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2900"
      ],
      "details": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form.",
      "id": "GSD-2006-2900",
      "modified": "2023-12-13T01:19:53.184556Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2900",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-2161",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2161"
          },
          {
            "name": "1059",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1059"
          },
          {
            "name": "18308",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18308"
          },
          {
            "name": "20449",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20449"
          },
          {
            "name": "20060605 file upload widgets in IE and Firefox have issues",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2900"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060605 file upload widgets in IE and Firefox have issues",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
            },
            {
              "name": "20449",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20449"
            },
            {
              "name": "18308",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18308"
            },
            {
              "name": "1059",
              "refsource": "SREASON",
              "tags": [],
              "url": "http://securityreason.com/securityalert/1059"
            },
            {
              "name": "ADV-2006-2161",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2161"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2011-10-11T04:00Z",
      "publishedDate": "2006-06-07T16:02Z"
    }
  }
}

FKIE_CVE-2006-2900

Vulnerability from fkie_nvd - Published: 2006-06-07 16:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html
cve@mitre.org	http://secunia.com/advisories/20449	Vendor Advisory
cve@mitre.org	http://securityreason.com/securityalert/1059
cve@mitre.org	http://www.securityfocus.com/bid/18308
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2161	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20449	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1059
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18308
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2161	Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	ie	5.01
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
microsoft	ie	6
canon	network_camera_server_vb101	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
              "matchCriteriaId": "B054A26A-7414-41B2-A46D-49E798D7A346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
              "matchCriteriaId": "8EF317BB-E63A-4A60-A2E1-6797A402D88F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
              "matchCriteriaId": "B1D7486F-1B6C-4705-B73C-F763F36F5150",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
              "matchCriteriaId": "6DBFDCF4-ACC7-4196-BA4D-2A35FAA5E1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
              "matchCriteriaId": "5E49636B-A425-4595-9663-A22A9F7C7D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
              "matchCriteriaId": "FCFF1342-8AD8-4003-81AA-09DB4A12EEBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
              "matchCriteriaId": "DBEABB0B-61EF-44E1-8673-F4B5A99A4164",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
              "matchCriteriaId": "B80088A3-2AA4-44A2-98DF-359E15F8E18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
              "matchCriteriaId": "181D0FA2-79E1-4422-9810-D7A557805872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
              "matchCriteriaId": "81C4C1ED-AC7D-4970-8B34-62D304A83FE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1EBD1BF-DEE2-4047-A8B4-3A816FC80003",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form."
    }
  ],
  "id": "CVE-2006-2900",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-07T16:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20449"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1059"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18308"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046610.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2161"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-200606-0464

Vulnerability from variot - Updated: 2023-12-18 11:05

Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system.

Want to join the Secunia Security Team?

Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports.

SOLUTION: Disable Active Scripting support.

Do not enter suspicious text when visiting untrusted web sites.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications.

TITLE: Mozilla Firefox Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA26095

VERIFY ADVISORY: http://secunia.com/advisories/26095/

CRITICAL: Highly critical

IMPACT: Cross Site Scripting, Spoofing, DoS, System access

WHERE:

From remote

SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/

DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks and potentially to compromise a user's system.

1) Various errors in the browser engine can be exploited to cause memory corruption and potentially to execute arbitrary code.

2) Various errors in the Javascript engine can be exploited to cause memory corruption and potentially to execute arbitrary code.

3) An error in the "addEventListener" and "setTimeout" methods can be exploited to inject script into another site's context, circumventing the browser's same-origin policy.

4) An error in the cross-domain handling can be exploited to inject arbitrary HTML and script code in a sub-frame of another web site.

This is related to vulnerability #5 in: SA21906

5) An unspecified error in the handling of elements outside of documents allows an attacker to call an event handler and execute arbitrary code with chrome privileges.

6) An unspecified error in the handling of "XPCNativeWrapper" can lead to execution of user-supplied code.

SOLUTION: Update to version 2.0.0.5.

PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron, Daniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats Palmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. 2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. 3, 5) The vendor credits moz_bug_r_a4 4) Ronen Zilberman and Michal Zalewski 6) The vendor credits shutdown and moz_bug_r_a4.

ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2007/mfsa2007-18.html http://www.mozilla.org/security/announce/2007/mfsa2007-19.html http://www.mozilla.org/security/announce/2007/mfsa2007-20.html http://www.mozilla.org/security/announce/2007/mfsa2007-21.html http://www.mozilla.org/security/announce/2007/mfsa2007-25.html

OTHER REFERENCES: SA21906: http://secunia.com/advisories/21906/

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors.

The vulnerability is caused due to an error within the handling of "about:blank" pages loaded by chrome in an addon. This can be exploited to execute script code under chrome privileges by e.g. clicking on a link opened in an "about:blank" window created and populated in a certain ways by an addon.

Successful exploitation requires that certain addons are installed. http://www.mozilla.com/en-US/firefox/

Thunderbird: Fixed in the upcoming version 2.0.0.6. http://www.mozilla.com/en-US/thunderbird/

SeaMonkey: Fixed in the upcoming version 1.1.4.

For more information: SA26201

PROVIDED AND/OR DISCOVERED BY: moz_bug_r_a4

CHANGELOG: 2007-07-31: Updated "Description". Added link to vendor advisory. "mailto", "news", "nntp", "snews", "telnet"). using Firefox visits a malicious website with a specially crafted "mailto" URI containing a "%" character and ends in a certain extension (e.g.

The vulnerability is confirmed on a fully patched Windows XP SP2 and Windows Server 2003 SP2 system using Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2. Other versions and browsers may also be affected.

SOLUTION: Do not browse untrusted websites or follow untrusted links.

PROVIDED AND/OR DISCOVERED BY: Vulnerability discovered by: * Billy (BK) Rios

Firefox not escaping quotes originally discussed by: * Jesper Johansson

Additional research by Secunia Research. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA07-297B

Adobe Updates for Microsoft Windows URI Vulnerability

Original release date: October 24, 2007 Last revised: -- Source: US-CERT

Systems Affected

Microsoft Windows XP and Windows Server 2003 systems with Internet Explorer 7 and any of the following Adobe products: * Adobe Reader 8.1 and earlier * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier * Adobe Reader 7.0.9 and earlier * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and earlier

Overview

Adobe has released updates for the Adobe Reader and Adobe Acrobat product families. The update addresses a URI handling vulnerability in Microsoft Windows XP and Server 2003 systems with Internet Explorer 7.

I. Description

Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server 2003 changes the way Windows handles Uniform Resource Identifiers (URIs). This change has introduced a flaw that can cause Windows to incorrectly determine the appropriate handler for the protocol specified in a URI. More information about this vulnerability is available in US-CERT Vulnerability Note VU#403150.

Public reports indicate that this vulnerability is being actively exploited with malicious PDF files. Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability.

II.

III. Solution

Apply an update

Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to address this issue. These Adobe products handle URIs in a way that mitigates the vulnerability in Microsoft Windows.

Disable the mailto: URI in Adobe Reader and Adobe Acrobat

If you are unable to install an updated version of the software, this vulnerability can be mitigated by disabling the mailto: URI handler in Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin APSB07-18 for details.

Appendix A. Vendor Information

Adobe

For information about updating affected Adobe products, see Adobe Security Bulletin APSB07-18.

Appendix B. References

* Adobe Security Bulletin APSB07-18 -
  <http://www.adobe.com/support/security/bulletins/apsb07-18.htm>

* Microsoft Security Advisory (943521) -
  <http://www.microsoft.com/technet/security/advisory/943521.mspx>

* US-CERT Vulnerability Note VU#403150 -
  <http://www.kb.cert.org/vuls/id/403150>

The most recent version of this document can be found at:

 <http://www.us-cert.gov/cas/techalerts/TA07-297B.html>

Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA07-297B Feedback VU#403150" in the subject.

For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.

Produced 2007 by US-CERT, a government organization.

 <http://www.us-cert.gov/legal.html>

Revision History

October 24, 2007: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H 3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ lKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s VNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57 4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI LazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ== =PgB9 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200606-0464",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": null,
        "scope": null,
        "trust": 2.4,
        "vendor": "mozilla",
        "version": null
      },
      {
        "model": "ie",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "5.01"
      },
      {
        "model": "ie",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": "6"
      },
      {
        "model": "network camera server vb101",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "canon",
        "version": "*"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "adobe",
        "version": null
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "network camera server vb101",
        "scope": null,
        "trust": 0.6,
        "vendor": "canon",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_2000_sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_server_2003_sp1_itanium:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:windows_xp_sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:canon:network_camera_server_vb101:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:5.01:windows_2000_sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:*:windows_xp_professional_64bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_millennium:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_98_se:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:ie:6:sp1:windows_xpsp1:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Secunia",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "47071"
      },
      {
        "db": "PACKETSTORM",
        "id": "57832"
      },
      {
        "db": "PACKETSTORM",
        "id": "58191"
      },
      {
        "db": "PACKETSTORM",
        "id": "58068"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2006-2900",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 4.9,
            "id": "VHN-19008",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-2900",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#143297",
            "trust": 0.8,
            "value": "8.51"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#403150",
            "trust": 0.8,
            "value": "18.43"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#783400",
            "trust": 0.8,
            "value": "25.52"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200606-183",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19008",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Internet Explorer 6 allows user-assisted remote attackers to read arbitrary files by tricking a user into typing the characters of the target filename in a text box and using the OnKeyDown, OnKeyPress, and OnKeyUp Javascript keystroke events to change the focus and cause those characters to be inserted into a file upload input control, which can then upload the file when the user submits the form. Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. \n\n----------------------------------------------------------------------\n\nWant to join the Secunia Security Team?\n\nSecunia offers a position as a security specialist, where your daily\nwork involves reverse engineering of software and exploit code,\nauditing of source code, and analysis of vulnerability reports. \n\nSOLUTION:\nDisable Active Scripting support. \n\nDo not enter suspicious text when visiting untrusted web sites. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. \n\n----------------------------------------------------------------------\n\nTITLE:\nMozilla Firefox Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA26095\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/26095/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nCross Site Scripting, Spoofing, DoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nMozilla Firefox 2.0.x\nhttp://secunia.com/product/12434/\n\nDESCRIPTION:\nSome vulnerabilities have been reported in Mozilla Firefox, which can\nbe exploited by malicious people to conduct spoofing and cross-site\nscripting attacks and potentially to compromise a user\u0027s system. \n\n1) Various errors in the browser engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n2) Various errors in the Javascript engine can be exploited to cause\nmemory corruption and potentially to execute arbitrary code. \n\n3) An error in the \"addEventListener\" and \"setTimeout\" methods can be\nexploited to inject script into another site\u0027s context, circumventing\nthe browser\u0027s same-origin policy. \n\n4) An error in the cross-domain handling can be exploited to inject\narbitrary HTML and script code in a sub-frame of another web site. \n\nThis is related to vulnerability #5 in:\nSA21906\n\n5) An unspecified error in the handling of elements outside of\ndocuments allows an attacker to call an event handler and execute\narbitrary code with chrome privileges. \n\n6) An unspecified error in the handling of \"XPCNativeWrapper\" can\nlead to execution of user-supplied code. \n\nSOLUTION:\nUpdate to version 2.0.0.5. \n\nPROVIDED AND/OR DISCOVERED BY:\n1) The vendor credits Bernd Mielke, Boris Zbarsky, David Baron,\nDaniel Veditz, Jesse Ruderman, Lukas Loehrer, Martijn Wargers, Mats\nPalmgren, Olli Pettay, Paul Nickerson, and Vladimir Sukhoy. \n2) The vendor credits Asaf Romano, Jesse Ruderman, and Igor Bukanov. \n3, 5) The vendor credits moz_bug_r_a4\n4) Ronen Zilberman and Michal Zalewski\n6) The vendor credits shutdown and moz_bug_r_a4. \n\nORIGINAL ADVISORY:\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-18.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-19.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-20.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-21.html\nhttp://www.mozilla.org/security/announce/2007/mfsa2007-25.html\n\nOTHER REFERENCES:\nSA21906:\nhttp://secunia.com/advisories/21906/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\n----------------------------------------------------------------------\n\nBETA test the new Secunia Personal Software Inspector!\n\nThe Secunia PSI detects installed software on your computer and\ncategorises it as either Insecure, End-of-Life, or Up-To-Date. \nEffectively enabling you to focus your attention on software\ninstallations where more secure versions are available from the\nvendors. \n\nThe vulnerability is caused due to an error within the handling of\n\"about:blank\" pages loaded by chrome in an addon. This can be\nexploited to execute script code under chrome privileges by e.g. \nclicking on a link opened in an \"about:blank\" window created and\npopulated in a certain ways by an addon. \n\nSuccessful exploitation requires that certain addons are installed. \nhttp://www.mozilla.com/en-US/firefox/\n\nThunderbird:\nFixed in the upcoming version 2.0.0.6. \nhttp://www.mozilla.com/en-US/thunderbird/\n\nSeaMonkey:\nFixed in the upcoming version 1.1.4. \n\nFor more information:\nSA26201\n\nPROVIDED AND/OR DISCOVERED BY:\nmoz_bug_r_a4\n\nCHANGELOG:\n2007-07-31: Updated \"Description\". Added link to vendor advisory. \"mailto\", \"news\", \"nntp\", \"snews\", \"telnet\"). using\nFirefox visits a malicious website with a specially crafted \"mailto\"\nURI containing a \"%\" character and ends in a certain extension (e.g. \n\nThe vulnerability is confirmed on a fully patched Windows XP SP2 and\nWindows Server 2003 SP2 system using Firefox version 2.0.0.5 and\nNetscape Navigator version 9.0b2. Other versions and browsers may\nalso be affected. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nPROVIDED AND/OR DISCOVERED BY:\nVulnerability discovered by:\n* Billy (BK) Rios\n\nFirefox not escaping quotes originally discussed by:\n* Jesper Johansson\n\nAdditional research by Secunia Research. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\tNational Cyber Alert System\n   Technical Cyber Security Alert TA07-297B\n\n\nAdobe Updates for Microsoft Windows URI Vulnerability\n\n   Original release date: October 24, 2007\n   Last revised: --\n   Source: US-CERT\n\nSystems Affected\n\n   Microsoft Windows XP and Windows Server 2003 systems with Internet\n   Explorer 7 and any of the following Adobe products:\n     * Adobe Reader 8.1 and earlier\n     * Adobe Acrobat Professional, 3D, and Standard 8.1 and earlier\n     * Adobe Reader 7.0.9 and earlier\n     * Adobe Acrobat Professional, 3D, Standard, and Elements 7.0.9 and\n       earlier\n\nOverview\n\n   Adobe has released updates for the Adobe Reader and Adobe Acrobat\n   product families. The update addresses a URI handling vulnerability in\n   Microsoft Windows XP and Server 2003 systems with Internet Explorer 7. \n\nI. Description\n\n   Installing Microsoft Internet Explorer (IE) 7 on Windows XP or Server\n   2003 changes the way Windows handles Uniform Resource Identifiers\n   (URIs). This change has introduced a flaw that can cause Windows to\n   incorrectly determine the appropriate handler for the protocol\n   specified in a URI. More information about this vulnerability is available in\n   US-CERT Vulnerability Note VU#403150. \n\n   Public reports indicate that this vulnerability is being actively\n   exploited with malicious PDF files. Adobe has released Adobe Reader\n   8.1.1 and Adobe Acrobat 8.1.1, which mitigate this vulnerability. \n\nII. \n\nIII. Solution\n\nApply an update\n\n   Adobe has released Adobe Reader 8.1.1 and Adobe Acrobat 8.1.1 to\n   address this issue. These Adobe products handle URIs in a way that\n   mitigates the vulnerability in Microsoft Windows. \n\nDisable the mailto: URI in Adobe Reader and Adobe Acrobat\n\n   If you are unable to install an updated version of the software, this\n   vulnerability can be mitigated by disabling the mailto: URI handler in\n   Adobe Reader and Adobe Acrobat. Please see Adobe Security Bulletin\n   APSB07-18 for details. \n\n\nAppendix A. Vendor Information\n\nAdobe\n\n   For information about updating affected Adobe products, see Adobe\n   Security Bulletin APSB07-18. \n\nAppendix B. References\n\n    * Adobe Security Bulletin APSB07-18 -\n      \u003chttp://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e\n     \n    * Microsoft Security Advisory (943521) -\n      \u003chttp://www.microsoft.com/technet/security/advisory/943521.mspx\u003e\n     \n    * US-CERT Vulnerability Note VU#403150 -\n      \u003chttp://www.kb.cert.org/vuls/id/403150\u003e\n\n _________________________________________________________________\n\n   The most recent version of this document can be found at:\n\n     \u003chttp://www.us-cert.gov/cas/techalerts/TA07-297B.html\u003e\n _________________________________________________________________\n\n   Feedback can be directed to US-CERT Technical Staff. Please send\n   email to \u003ccert@cert.org\u003e with \"TA07-297B Feedback VU#403150\" in the\n   subject. \n _________________________________________________________________\n    \n   For instructions on subscribing to or unsubscribing from this\n   mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n _________________________________________________________________\n\n   Produced 2007 by US-CERT, a government organization. \n\n   Terms of use:\n\n     \u003chttp://www.us-cert.gov/legal.html\u003e\n _________________________________________________________________\n\nRevision History\n\n   October 24, 2007: Initial release\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRx+8WPRFkHkM87XOAQIrOQf/USsBbfDmKZ4GCi8W2466mI+kZoEHoe/H\n3l3p4/1cuFGoPHFfeDLbG+alXiHSAdXoX7Db34InEUKMs7kRUVPEdW9LggI9VaTJ\nlKnZJxM3dXL+zPCWcDkNqrmmzyJuXwN5FmSXhlcnN4+FRzNrZYwDe1UcOk3q6m1s\nVNPIBTrqfSuFRllNt+chV1vQ876LLweS+Xh1DIQ/VIyduqvTogoYZO4p2A0YJD57\n4y0obNuk+IhgzyhZHtSsR0ql7rGrFr4S97XUQGbKOAZWcDzNGiXJ5FkrMTaP25OI\nLazBVDofVz8ydUcEkb4belgv5REpfYUJc9hRbRZ+IpbAay2j42m8NQ==\n=PgB9\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "db": "PACKETSTORM",
        "id": "47071"
      },
      {
        "db": "PACKETSTORM",
        "id": "57832"
      },
      {
        "db": "PACKETSTORM",
        "id": "58191"
      },
      {
        "db": "PACKETSTORM",
        "id": "58068"
      },
      {
        "db": "PACKETSTORM",
        "id": "60418"
      }
    ],
    "trust": 3.6
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "SECUNIA",
        "id": "26201",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "20449",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "18308",
        "trust": 1.7
      },
      {
        "db": "SREASON",
        "id": "1059",
        "trust": 1.7
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2161",
        "trust": 1.7
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "26288",
        "trust": 0.9
      },
      {
        "db": "SECUNIA",
        "id": "26095",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400",
        "trust": 0.9
      },
      {
        "db": "CERT/CC",
        "id": "VU#143297",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20060605 FILE UPLOAD WIDGETS IN IE AND FIREFOX HAVE ISSUES",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-19008",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "47071",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "57832",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58191",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "58068",
        "trust": 0.1
      },
      {
        "db": "USCERT",
        "id": "TA07-297B",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "60418",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "db": "PACKETSTORM",
        "id": "47071"
      },
      {
        "db": "PACKETSTORM",
        "id": "57832"
      },
      {
        "db": "PACKETSTORM",
        "id": "58191"
      },
      {
        "db": "PACKETSTORM",
        "id": "58068"
      },
      {
        "db": "PACKETSTORM",
        "id": "60418"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "id": "VAR-200606-0464",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:05:26.386000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://secunia.com/advisories/26201/"
      },
      {
        "trust": 1.7,
        "url": "http://xs-sniper.com/blog/2007/07/24/remote-command-execution-in-firefox-2005/"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/18308"
      },
      {
        "trust": 1.7,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-june/046610.html"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20449"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1059"
      },
      {
        "trust": 1.6,
        "url": "http://xs-sniper.com/blog/remote-command-exec-firefox-2005/"
      },
      {
        "trust": 1.6,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389580"
      },
      {
        "trust": 1.6,
        "url": "http://support.microsoft.com/kb/224816"
      },
      {
        "trust": 1.6,
        "url": "http://kb.mozillazine.org/firefox_:_faqs_:_about:config_entries"
      },
      {
        "trust": 1.6,
        "url": "http://en.wikipedia.org/wiki/uniform_resource_identifier"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2161"
      },
      {
        "trust": 0.9,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-20.html"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/26095/"
      },
      {
        "trust": 0.9,
        "url": "http://secunia.com/advisories/26288/"
      },
      {
        "trust": 0.8,
        "url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=382686"
      },
      {
        "trust": 0.8,
        "url": "http://www.w3schools.com/tags/tag_iframe.asp"
      },
      {
        "trust": 0.8,
        "url": "http://www.w3.org/tr/html401/present/frames.html#h-16.5"
      },
      {
        "trust": 0.8,
        "url": "https://addons.mozilla.org/en-us/firefox/addon/722"
      },
      {
        "trust": 0.8,
        "url": "http://www.mozilla.org/projects/security/components/same-origin.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.cert.org/archive/pdf/cross_site_scripting.pdf"
      },
      {
        "trust": 0.8,
        "url": "http://www.stopbadware.org/home/security#preventing"
      },
      {
        "trust": 0.8,
        "url": "http://www.antiphishing.org/consumer_recs.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.us-cert.gov/reading_room/securing_browser/"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/bulletin/ms07-061.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx"
      },
      {
        "trust": 0.8,
        "url": "http://blogs.technet.com/msrc/archive/2007/10/25/msrc-blog-october-25th-update-to-security-advisory-943521.aspx"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/support/security/advisories/apsa07-04.html"
      },
      {
        "trust": 0.8,
        "url": "http://www.adobe.com/support/security/bulletins/apsb07-18.html"
      },
      {
        "trust": 0.8,
        "url": "http://en-us.www.mozilla.com/en-us/firefox/2.0.0.6/releasenotes/"
      },
      {
        "trust": 0.8,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=389106"
      },
      {
        "trust": 0.8,
        "url": "http://www.w3schools.com/tags/ref_urlencode.asp"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2161"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.4,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.2,
        "url": "http://secunia.com/product/12434/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20449/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20442/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/11/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_specialist/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-18.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-25.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/21906/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-19.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-21.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/projects/seamonkey/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.com/en-us/firefox/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-27.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.com/en-us/thunderbird/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14383/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/14070/"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=388121"
      },
      {
        "trust": 0.1,
        "url": "http://www.mozilla.org/security/announce/2007/mfsa2007-26.html"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1173/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/22/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1174/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1176/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/1175/"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/783400"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/16/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/12366/"
      },
      {
        "trust": 0.1,
        "url": "http://msinfluentials.com/blogs/jesper/archive/2007/07/20/hey-mozilla-quotes-are-not-legal-in-a-url.aspx"
      },
      {
        "trust": 0.1,
        "url": "http://www.adobe.com/support/security/bulletins/apsb07-18.htm\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.microsoft.com/technet/security/advisory/943521.mspx\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.kb.cert.org/vuls/id/403150\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/signup.html\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/legal.html\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://www.us-cert.gov/cas/techalerts/ta07-297b.html\u003e"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "db": "PACKETSTORM",
        "id": "47071"
      },
      {
        "db": "PACKETSTORM",
        "id": "57832"
      },
      {
        "db": "PACKETSTORM",
        "id": "58191"
      },
      {
        "db": "PACKETSTORM",
        "id": "58068"
      },
      {
        "db": "PACKETSTORM",
        "id": "60418"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "db": "PACKETSTORM",
        "id": "47071"
      },
      {
        "db": "PACKETSTORM",
        "id": "57832"
      },
      {
        "db": "PACKETSTORM",
        "id": "58191"
      },
      {
        "db": "PACKETSTORM",
        "id": "58068"
      },
      {
        "db": "PACKETSTORM",
        "id": "60418"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-06-08T00:00:00",
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "date": "2007-07-27T00:00:00",
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "date": "2007-07-26T00:00:00",
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "date": "2006-06-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "date": "2006-06-10T05:36:59",
        "db": "PACKETSTORM",
        "id": "47071"
      },
      {
        "date": "2007-07-19T02:44:59",
        "db": "PACKETSTORM",
        "id": "57832"
      },
      {
        "date": "2007-08-01T00:35:42",
        "db": "PACKETSTORM",
        "id": "58191"
      },
      {
        "date": "2007-07-27T03:17:23",
        "db": "PACKETSTORM",
        "id": "58068"
      },
      {
        "date": "2007-10-25T04:18:19",
        "db": "PACKETSTORM",
        "id": "60418"
      },
      {
        "date": "2006-06-07T16:02:00",
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "date": "2006-06-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-14T00:00:00",
        "db": "CERT/CC",
        "id": "VU#143297"
      },
      {
        "date": "2007-11-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#403150"
      },
      {
        "date": "2007-07-31T00:00:00",
        "db": "CERT/CC",
        "id": "VU#783400"
      },
      {
        "date": "2011-10-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19008"
      },
      {
        "date": "2011-10-11T04:00:00",
        "db": "NVD",
        "id": "CVE-2006-2900"
      },
      {
        "date": "2006-08-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mozilla Firefox allows cross-domain iframe access via JavaScript",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#143297"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200606-183"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2900 (GCVE-0-2006-2900)

GHSA-Q95H-8XHW-CCXP

GSD-2006-2900

FKIE_CVE-2006-2900

VAR-200606-0464

Tags

Sightings

Nomenclature