CVE-2006-4092 - Vulnerability Details - OpenCVE

Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00071.

Key SSVC decision points have not yet been added.

Vendors	Products
Simpliciti	Locked Browser

Configuration 1 [-]

cpe:2.3:a:simpliciti:locked_browser:*:*:*:*:*:*:*:*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2006-4084	Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/21321
http://securityreason.com/securityalert/1365
http://www.securityfocus.com/archive/1/442058/100/100/threaded
http://www.securityfocus.com/archive/1/444026/100/100/threaded
http://www.securityfocus.com/bid/19304
https://exchange.xforce.ibmcloud.com/vulnerabilities/28224

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-11T10:00:00

Updated: 2024-08-07T18:57:45.753Z

Reserved: 2006-08-10T00:00:00

Link: CVE-2006-4092

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-11T10:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4092

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060822 Simpliciti Locked Browser Jail Breakout Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/444026/100/100/threaded"}, {"name": "21321", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21321"}, {"name": "19304", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19304"}, {"name": "20060802 Simpliciti Locked Browser Jail Breakout Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/442058/100/100/threaded"}, {"name": "1365", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1365"}, {"name": "simpliciti-security-bypass(28224)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4092", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060822 Simpliciti Locked Browser Jail Breakout Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/444026/100/100/threaded"}, {"name": "21321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21321"}, {"name": "19304", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19304"}, {"name": "20060802 Simpliciti Locked Browser Jail Breakout Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/442058/100/100/threaded"}, {"name": "1365", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1365"}, {"name": "simpliciti-security-bypass(28224)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:57:45.753Z"}, "title": "CVE Program Container", "references": [{"name": "20060822 Simpliciti Locked Browser Jail Breakout Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/444026/100/100/threaded"}, {"name": "21321", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21321"}, {"name": "19304", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19304"}, {"name": "20060802 Simpliciti Locked Browser Jail Breakout Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/442058/100/100/threaded"}, {"name": "1365", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1365"}, {"name": "simpliciti-security-bypass(28224)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4092", "datePublished": "2006-08-11T10:00:00", "dateReserved": "2006-08-10T00:00:00", "dateUpdated": "2024-08-07T18:57:45.753Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simpliciti:locked_browser:*:*:*:*:*:*:*:*", "matchCriteriaId": "252E167E-1226-4A42-BAF1-CA3AAB2213E7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager."}, {"lang": "es", "value": "Simpliciti Locked Browser no limita adecuadamente las acciones de usuario a las que se pretenden dentro del entorno de Internet Explorer, lo cual permite a usuarios locales realizar acciones no autorizadas visiatndo un sitio web que ejecute un bucle JavasScript windows.blur para quitar el foco de la ventana de navegador, cuando se presiona CTRL-MAYUSCULAS-ESC para invocar el Administrador de Tareas."}], "id": "CVE-2006-4092", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-11T10:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/21321"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1365"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/442058/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/444026/100/100/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19304"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/21321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1365"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/442058/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/444026/100/100/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28224"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}