Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0526

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0526
Last Modified 05 Sep 2008 04:38:39
Published 06 Aug 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0526

Summary

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

Vulnerable Systems

Application

  • Microsoft Ie 5.0

  • Microsoft Ie 5.0.1

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0

  • Microsoft Outlook 2000

  • Microsoft Outlook 2002

  • Microsoft Outlook 2003

  • Microsoft Outlook 97

  • Microsoft Outlook 98

  • Microsoft Outlook Express 4.0

  • Microsoft Outlook Express 4.01

  • Microsoft Outlook Express 4.27.3110

  • Microsoft Outlook Express 4.72.2106

  • Microsoft Outlook Express 4.72.3120.0

  • Microsoft Outlook Express 4.72.3612

  • Microsoft Outlook Express 5.0

  • Microsoft Outlook Express 5.0.1

  • Microsoft Outlook Express 5.5

  • Microsoft Outlook Express 6.0


References

XF - ie-ahref-url-spoofing(16102)

BID - 10308

MISC - http://www.kurczaba.com/securityadvisories/0405132poc.htm

BUGTRAQ - 20040510 DEEP SEA PHISHING: Internet Explorer / Outlook Express

BUGTRAQ - 20040517 Microsoft Internet Explorer ImageMap URL Spoof Vulnerability


Last Updated: 27 May 2016 10:38:38