Vulnerability Details CVE-2004-0526
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.513
EPSS Ranking 97.7%
CVSS Severity
CVSS v2 Score 5.0
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html
- http://marc.info/?l=bugtraq&m=108422905510713&w=2
- http://www.kurczaba.com/securityadvisories/0405132poc.htm
- http://www.securityfocus.com/bid/10308
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16102
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html
- http://marc.info/?l=bugtraq&m=108422905510713&w=2
- http://www.kurczaba.com/securityadvisories/0405132poc.htm
- http://www.securityfocus.com/bid/10308
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16102
Products affected by CVE-2004-0526
-
cpe:2.3:a:microsoft:ie:6.0
-
cpe:2.3:a:microsoft:internet_explorer:5.0
-
cpe:2.3:a:microsoft:internet_explorer:5.0.1
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0
-
cpe:2.3:a:microsoft:outlook:2000
-
cpe:2.3:a:microsoft:outlook:2002
-
cpe:2.3:a:microsoft:outlook:2003
-
cpe:2.3:a:microsoft:outlook:97
-
cpe:2.3:a:microsoft:outlook:98
-
cpe:2.3:a:microsoft:outlook_express:4.0
-
cpe:2.3:a:microsoft:outlook_express:4.01
-
cpe:2.3:a:microsoft:outlook_express:4.27.3110
-
cpe:2.3:a:microsoft:outlook_express:4.72.2106
-
cpe:2.3:a:microsoft:outlook_express:4.72.3120.0
-
cpe:2.3:a:microsoft:outlook_express:4.72.3612
-
cpe:2.3:a:microsoft:outlook_express:5.0
-
cpe:2.3:a:microsoft:outlook_express:5.0.1
-
cpe:2.3:a:microsoft:outlook_express:5.5
-
cpe:2.3:a:microsoft:outlook_express:6.0