Executive Summary

Informations
Name CVE-2004-0526 First vendor Publication 2004-08-06
Vendor Cve Last vendor Modification 2021-07-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0526

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 10
Application 11
Application 10

Open Source Vulnerability Database (OSVDB)

Id Description
6538 Microsoft IE/Outlook ImageMap URL Spoofing

Internet Explorer contains a flaw that may allow a malicious user spoof a trusted web page. The issue is triggered by a specially crafted URL containing an IMG tag within an A HREF tag that specifies the destination address using the MAP tag, which will be loaded in a user's browser and a different URL would be displayed in the status bar of a spoofed Web page. It is possible that the flaw may allow a malicious user to spoof a valid website, resulting in a loss of integrity.
6007 Microsoft IE/Outlook IMG/HREF Tag Code Execution

Microsoft IE and Outlook contain a flaw that may allow a malicious attacker to send users a link that loads arbitrary html code which is not displayed and is stored locally. The issue is triggered when an IMG tag is enclosed in the A HREF tag, as the reference content is stored locally in the user's cache. It is possible that the flaw may allow an attacker to trick users into executing stored content locally by sending a URL whose A HREF tag points them to the locally cached content.

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/10308
BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2004-05/0161.html
http://marc.info/?l=bugtraq&m=108422905510713&w=2
MISC http://www.kurczaba.com/securityadvisories/0405132poc.htm
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/16102

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2021-07-27 00:24:37
  • Multiple Updates
2021-07-24 01:44:14
  • Multiple Updates
2021-07-24 01:01:42
  • Multiple Updates
2021-07-23 17:24:41
  • Multiple Updates
2021-07-23 01:44:03
  • Multiple Updates
2021-07-23 01:01:41
  • Multiple Updates
2021-07-22 21:24:58
  • Multiple Updates
2021-05-04 12:02:20
  • Multiple Updates
2021-04-22 01:02:29
  • Multiple Updates
2020-05-23 00:15:48
  • Multiple Updates
2017-07-11 12:01:27
  • Multiple Updates
2016-10-18 12:01:20
  • Multiple Updates
2013-05-11 11:41:58
  • Multiple Updates