CVE-2006-4661 - OpenCVE

AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Icq Inc	Icq Toolbar

Configuration 1 [-]

cpe:2.3:a:icq_inc:icq_toolbar:1.3_for_internet_explorer:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/21809
http://securityreason.com/securityalert/1523
http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510	Vendor Advisory
http://www.securityfocus.com/archive/1/445515/100/0/threaded
http://www.securityfocus.com/bid/19900
http://www.vupen.com/english/advisories/2006/3528
https://exchange.xforce.ibmcloud.com/vulnerabilities/28814

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-09-09T00:00:00

Updated: 2018-10-17T20:57:01

Reserved: 2006-09-08T00:00:00

Link: CVE-2006-4661

JSON object: View

NVD Information

Status : Modified

Published: 2006-09-09T00:04:00.000

Modified: 2018-10-17T21:38:56.607

Link: CVE-2006-4661

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-07T00:00:00", "descriptions": [{"lang": "en", "value": "AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510"}, {"name": "icq-toolbar-modify-settings(28814)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28814"}, {"name": "ADV-2006-3528", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3528"}, {"name": "19900", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19900"}, {"name": "20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445515/100/0/threaded"}, {"name": "21809", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21809"}, {"name": "1523", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1523"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4661", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510", "refsource": "MISC", "url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510"}, {"name": "icq-toolbar-modify-settings(28814)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28814"}, {"name": "ADV-2006-3528", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3528"}, {"name": "19900", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19900"}, {"name": "20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445515/100/0/threaded"}, {"name": "21809", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21809"}, {"name": "1523", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1523"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4661", "datePublished": "2006-09-09T00:00:00", "dateReserved": "2006-09-08T00:00:00", "dateUpdated": "2018-10-17T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:icq_inc:icq_toolbar:1.3_for_internet_explorer:*:*:*:*:*:*:*", "matchCriteriaId": "55B074A0-C0A0-48F5-88CD-80EF81E57AD4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar."}, {"lang": "es", "value": "AOL ICQ Toolbar 1.3 para Internet Explorer (toolbaru.dll)no valida adecuadamente el origen de la configuraci\u00f3n de la p\u00e1gina web (options2.html), lo cual permite que un atacante remoto con la complicidad del usuario proveer una p\u00e1gina web que contengan botones de chequeo disfrazados que enga\u00f1an al usuario en la configuraci\u00f3n de nuevo de la barra de herramientas."}], "id": "CVE-2006-4661", "lastModified": "2018-10-17T21:38:56.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-09-09T00:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21809"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1523"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445515/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19900"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3528"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28814"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}