Vulnerabilities > CVE-2004-2219 - Unspecified vulnerability in Microsoft IE and Internet Explorer

CVSS 2.6 - LOW

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

high complexity

microsoft

NVD

Published: 2004-12-31

Updated: 2021-07-23

Summary

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.01 Microsoft IE 6.0	4

References

http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html
http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt
http://www.osvdb.org/8978
http://securitytracker.com/id?1010957
http://secunia.com/advisories/12304
https://exchange.xforce.ibmcloud.com/vulnerabilities/17007