First published: Wed Dec 01 2004(Updated: )
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Internet Explorer | =6.0-sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2004-1104 is considered to have a moderate severity level due to its potential for phishing attacks.
To mitigate CVE-2004-1104, users should upgrade to a more secure version of Internet Explorer or use an alternative browser.
CVE-2004-1104 primarily affects users of Microsoft Internet Explorer 6.0 SP2.
CVE-2004-1104 can facilitate phishing attacks by allowing attackers to spoof the legitimate URL in the status bar.
While CVE-2004-1104 is an older vulnerability, it still serves as a reminder of the importance of using updated and secure web browsers.