Vulnerabilities > CVE-2004-1104 - Unspecified vulnerability in Microsoft IE 6.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Microsoft Internet Explorer 6.0 HTML Form Tags URI Obfuscation Weakness. CVE-2004-1104 . Remote exploit for windows platform |
| id | EDB-ID:24714 |
| last seen | 2016-02-02 |
| modified | 2004-10-30 |
| published | 2004-10-30 |
| reporter | http-equiv |
| source | https://www.exploit-db.com/download/24714/ |
| title | Microsoft Internet Explorer 6.0 HTML Form Tags URI Obfuscation Weakness |
References
- http://secunia.com/advisories/11273
- http://www.kb.cert.org/vuls/id/702086
- http://www.securityfocus.com/archive/1/379903
- http://www.securityfocus.com/archive/1/425386/100/0/threaded
- http://www.securityfocus.com/archive/1/425883/100/0/threaded
- http://www.securityfocus.com/bid/11565
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17938