Description
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by http-equiv · textremotewindows
https://www.exploit-db.com/exploits/24714
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/11273
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/379903
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17938
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/702086
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11565
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425386/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/425883/100/0/threaded
Scores
EPSS
0.4077
EPSS Percentile
97.4%
Details
Status
published
Products (1)
microsoft/ie
6.0 sp2
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026