CVE-2004-1104

Microsoft Internet Explorer 6.0 SP2 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1104. PoCs published by http-equiv.

AI-analyzed exploit summary This exploit demonstrates a URI obfuscation weakness in Microsoft Internet Explorer, allowing an attacker to display false information in the status bar. It leverages specially crafted HTML anchor and form tags to present web pages that appear to originate from a trusted location.

Description

Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.

Exploits (1)

exploitdb WORKING POC VERIFIED

by http-equiv · textremotewindows

https://www.exploit-db.com/exploits/24714

View Code ZIP pw:eip

This exploit demonstrates a URI obfuscation weakness in Microsoft Internet Explorer, allowing an attacker to display false information in the status bar. It leverages specially crafted HTML anchor and form tags to present web pages that appear to originate from a trusted location.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 6 SP2

No auth needed

Prerequisites: User interaction required to view the crafted HTML page

MITRE ATT&CK