Microsoft Internet Explorer 7.0 Address Bar invalidcert.htm
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.1 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in Microsoft Internet Explorer 7.0. Affected by this issue is some unknown functionality in the library res://ieframe.dll/invalidcert.htm of the component Address Bar. Such manipulation leads to an unknown weakness. This vulnerability is listed as CVE-2006-5805. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.
Details
A vulnerability was found in Microsoft Internet Explorer 7.0 (Web Browser) and classified as problematic. Affected by this issue is an unknown functionality in the library res://ieframe.dll/invalidcert.htm of the component Address Bar. Impacted is integrity. CVE summarizes:
Microsoft Internet Explorer 7 allows remote attackers to cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/invalidcert.htm with the target site as an argument, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid.
The issue has been introduced in 07/27/2005. The weakness was presented 11/08/2006 as not defined posting (Bugtraq). The advisory is shared for download at securityfocus.com. This vulnerability is handled as CVE-2006-5805 since 11/08/2006. The exploitation is known to be easy. The attack may be launched remotely. No form of authentication is required for exploitation. There are known technical details, but no exploit is available.
The vulnerability was handled as a non-public zero-day exploit for at least 469 days. During that time the estimated underground price was around $25k-$100k. By approaching the search of inurl:res://ieframe.dll/invalidcert.htm it is possible to find vulnerable targets with Google Hacking.
Upgrading eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at SecurityTracker (ID 1017165†). Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.microsoft.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.3VulDB Meta Temp Score: 5.1
VulDB Base Score: 5.3
VulDB Temp Score: 5.1
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: UnknownCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Timeline
07/27/2005 🔍11/07/2006 🔍
11/08/2006 🔍
11/08/2006 🔍
11/08/2006 🔍
03/12/2015 🔍
04/27/2026 🔍
Sources
Vendor: microsoft.comAdvisory: securityfocus.com⛔
Status: Confirmed
CVE: CVE-2006-5805 (🔍)
GCVE (CVE): GCVE-0-2006-5805
GCVE (VulDB): GCVE-100-33188
SecurityTracker: 1017165 - Microsoft Internet Explorer 'ieframe.dll' Lets Remote Users Spoof Invalid Certificates
Entry
Created: 03/12/2015 22:21Updated: 04/27/2026 02:14
Changes: 03/12/2015 22:21 (46), 05/07/2019 12:41 (4), 04/27/2026 02:14 (25)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.