CVE-2006-2094

medium

Microsoft

CVSS v3 Base Score

5.1

AV:N/AC:H/Au:N/C:P/I:P/A:P

EPSS Score

38.2%

Exploitation probability in 30 days

Top 3% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

High

Confidentiality

Integrity

Availability

Published: April 29, 2006 (7320 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.

CWE

CWE-362

Affected Products

microsoft iemicrosoft internet explorer

References

🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 archives.neohapsis.com 🔗 lists.grok.org.uk 🔗 securitytracker.com

CVE-2006-2094

Vulnerability Report

Description

CWE

Affected Products

References