CVE-2006-4661 - AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of th

CVE-2006-4661

Summary

AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar.

References

Vulnerable Configurations

cpe:2.3:a:icq_inc:icq_toolbar:1.3_for_internet_explorer:*:*:*:*:*:*:*
cpe:2.3:a:icq_inc:icq_toolbar:1.3_for_internet_explorer:*:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 17-10-2018 - 21:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	19900
bugtraq	20060907 CORE-2006-0322: Multiple vulnerabilities in ICQ Toolbar 1.3 for Internet Explorer
misc	http://www.coresecurity.com/index.php5?module=ContentMod&action=item&id=1510
secunia	21809
sreason	1523
vupen	ADV-2006-3528
xf	icq-toolbar-modify-settings(28814)

Last major update

17-10-2018 - 21:38

Published

09-09-2006 - 00:04

Last modified

17-10-2018 - 21:38