CVE-2004-0526

Internet Explorer - XSS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0526. PoCs published by http-equiv.

AI-analyzed exploit summary This is a writeup describing a URI obfuscation weakness in Microsoft Internet Explorer, where an image within an HREF tag can deceive users into clicking a malicious link. The provided HTML snippet demonstrates how an attacker could exploit this by disguising a link to appear as if it points to a trusted site.

Description

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/24102

View Code ZIP pw:eip

This is a writeup describing a URI obfuscation weakness in Microsoft Internet Explorer, where an image within an HREF tag can deceive users into clicking a malicious link. The provided HTML snippet demonstrates how an attacker could exploit this by disguising a link to appear as if it points to a trusted site.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Microsoft Internet Explorer (versions affected in 2004)

No auth needed

Prerequisites: User interaction (clicking a link) · Victim using a vulnerable version of Internet Explorer

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/16102

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=108422905510713&w=2

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/10308

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html

Various Sources x_refsource_misc

http://www.kurczaba.com/securityadvisories/0405132poc.htm

Scores

EPSS 0.1725

EPSS Percentile 96.7%

Details

Status published

Products (20)

microsoft/ie 6.0 sp1

microsoft/internet_explorer 5.0

microsoft/internet_explorer 5.0.1 (5 CPE variants)

microsoft/internet_explorer 5.5 (3 CPE variants)

microsoft/internet_explorer 6.0

microsoft/outlook 97

microsoft/outlook 98

microsoft/outlook 2000 (4 CPE variants)

microsoft/outlook 2002 (4 CPE variants)

microsoft/outlook 2003

... and 10 more

Published Aug 06, 2004

Tracked Since Feb 18, 2026