Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2219

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2004-2219
Last Modified 05 Sep 2008 04:43:31
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-2219

Summary

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


References

XF - ie-address-bar-spoofing(17007)

OSVDB - 8978

SECTRACK - 1010957

SECUNIA - 12304

BUGTRAQ - 20040815 NullyFake - Site Spoofing in MSIE


Last Updated: 27 May 2016 10:39:24