CVE-2006-4092

Sažetak

Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.

Reference

http://secunia.com/advisories/21321
http://securityreason.com/securityalert/1365
http://www.securityfocus.com/archive/1/442058/100/100/threaded
http://www.securityfocus.com/archive/1/444026/100/100/threaded
http://www.securityfocus.com/bid/19304
https://exchange.xforce.ibmcloud.com/vulnerabilities/28224

CVSS

Base:	3.6
Impact:	4.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:L/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

17-10-2018 - 21:33

Objavljeno

11-08-2006 - 10:04