Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1104Microsoft IE vulnerability

4 documents4 sources
Severity
7.5HIGHNVD
EPSS
40.8%
top 2.62%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Microsoft IE
Timeline
PublishedDec 31
Latest updateApr 29

Description

Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/ie6.0

🔴Vulnerability Details

2
GHSA
GHSA-9pp9-78gm-f2c2: Microsoft Internet Explorer 62022-04-29
CVEList
CVE-2004-1104: Microsoft Internet Explorer 62004-12-01

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 6 - HTML Form Tags URI Obfuscation2004-10-30
CVE-2004-1104 — Microsoft IE vulnerability | cvebase