Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0526

4 documents4 sources
Severity
5.0MEDIUM
EPSS
49.6%
top 2.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
4
Microsoft IEMicrosoft Internet ExplorerMicrosoft Outlook+1 more
Timeline
PublishedAug 6
Latest updateApr 29

Description

Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

NVDmicrosoft/internet_explorer4 versions+3
NVDmicrosoft/outlook5 versions+4
NVDmicrosoft/outlook_express10 versions+9
NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-878f-q47g-6pq6: Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "al2022-04-29
CVEList
CVE-2004-0526: Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "al2004-06-08

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 4/5/6 - Embedded Image URI Obfuscation2004-05-10
CVE-2004-0526 (MEDIUM CVSS 5) | Unknown versions of Internet Explor | cvebase.io